US technology companies are facing threats from Iran’s Islamic Revolutionary Guards Corps (IRGC), which has declared them “legitimate targets.” This warning specifically applies to US tech firms operating in the Middle East, marking an escalation in tensions that began with US and Israeli strikes at the end of February.
Iran issued the threat on Tuesday, stating that as of Wednesday, facilities owned by US technology companies in the Middle East would be considered targets. The IRGC shared this message via the country’s Tasmin News Agency, advising employees to evacuate their workplaces and residents living within a kilometer of these companies “in all countries” to leave the area.
Among the more than a dozen companies named by the IRGC are prominent names such as Apple, Google, Intel, and Tesla. The declaration significantly broadens the scope of potential conflict to include critical technological infrastructure.
Following these threats, an incident occurred on Wednesday when Amazon’s cloud computing operations in Bahrain reportedly sustained damage. This marks a second known attack on Amazon AWS facilities, with a previous drone attack having been reported in March.
Representatives from several companies on the IRGC’s list, including Apple, Google, IBM, Palantir, Boeing, Intel, and Tesla, did not immediately provide comments when requested. Microsoft, however, responded to an inquiry by stating the company had nothing to share regarding the threats at that time.
An Intel spokesperson commented on the situation, stating, “The safety and well-being of our team is our number one priority. We are taking steps to safeguard and support our workers and facilities in the Middle East and are actively monitoring the situation.” This statement was provided to CNBC.
The US government has affirmed its commitment to defending the threatened companies. An unnamed White House official conveyed to Reuters that the US “is and was prepared to curtail any attacks by Iran.”
Experts analyzing the IRGC’s language suggest that the threats indicate an intent to cause disruption and data exposure rather than physical attacks directly targeting tech offices or personnel. Chris Nyhuis, founder and CEO of the Ohio-based cybersecurity company Vigilant, noted that the threats are “more about sending a message than causing visible damage.”
Nyhuis further elaborated on the likely nature of such attacks, stating, “Based on what we have seen from Iranian groups recently, that likely means wiping devices, shutting down systems and stealing data to embarrass the target.” This suggests a focus on cyber- warfare tactics to inflict reputational and operational harm.
Adding another layer of concern, experts highlight a potential overlap with attacks from North Korean hackers who have been targeting supply chains and code repositories. This convergence of threats could amplify the potential for damage.
Nyhuis expressed particular concern about this dual threat, observing, “What concerns me most is the overlap. You have North Korean hackers embedding themselves in the software supply chain. You have Iranian hackers threatening to destroy American companies.” He emphasized that both groups are exploiting the same fundamental weakness: “the way modern software is built on a chain of trust that nobody is verifying.”
Vigilant’s research has identified significant vulnerabilities, finding that 40% of the most popular open-source projects contain flaws that could be exploited by groups like the IRGC and North Korean hackers.
In light of these escalating threats, Nyhuis advises companies to enhance their vigilance when incorporating tools and code from the internet and to rigorously verify software builds to mitigate existing vulnerabilities and prevent potential exploits.