Iran’s Islamic Revolutionary Guard Corps (IRGC) has placed 18 major U.S. technology companies on a formal list of targets, framing them as their next targets to attack amid the ongoing conflict between Iran and the United States and Israel.
Iran’s semi-official Tasnim News Agency, which is linked to the IRGC, published a list of major U.S. tech companies as potential targets, warning that as the conflict expands across infrastructure, cyberwarfare, and regional dimensions, Iran’s legitimate targets are also gradually expanding.
The list names 17 American companies, including Cisco, HP, Intel, Oracle, Microsoft, Apple, Google, Meta, IBM, Dell, Palantir, Nvidia, J.P. Morgan Chase, Tesla, GE, and Boeing, as well as the Dubai AI companies G42 and Spire Solutions.
The IRGC stated that American information and AI companies are “the main element” in designing and tracking operations that the U.S. has conducted against Iran.
“You ignored our repeated warnings about the need to stop terrorist operations, and today, a number of Iranian citizens were martyred in both your and your Israeli allies’ terrorist attacks; since the main element in designing and tracking terror targets are American ICT and AI companies, in response to these terrorist operations, from now on, the main institutions effective in terrorist operations will be our legitimate targets,” the IRGC said.
Attacks Have Already Started
Iranian drone strikes damaged two Amazon Web Services facilities in the UAE last week, while another drone landed close to its facility in Bahrain and damaged part of its infrastructure. AWS confirmed the strikes caused structural damage, disrupted power delivery to its infrastructure, and in some cases required fire suppression activities that led to water damage.
On the cyber side, the damage is also real. Stryker, a Michigan-based medical device company, confirmed it was experiencing a global network disruption to its Microsoft environment as a result of a cyberattack. The company said there was no indication of malware or ransomware and that it believed the attack was contained to its internal Microsoft environment.
However, Handala, a hacking group with documented ties to Tehran, claimed responsibility for the Stryker attack, calling it “the beginning of a new chapter in cyber warfare.” The group said the cyber attack was carried out in retaliation to the schoolgirls that died in a strike that killed over 170 people as ordered by the United States and Israel.
What Companies Need to Do Now
The guidance from cybersecurity agencies and firms is consistent across the board. And this is because the attacks are coming from multiple directions. Former CISA Director Chris Krebs told CBS that it is essentially an “all-hands-on-deck” approach by Iran.
As such, CISA, the FBI, and security researchers advise organizations that are affected to enforce phishing-resistant multi-factor authentication, implement network segmentation, take offline backups, and ensure that all internet-facing applications, VPN gateways, and edge devices are kept up to date. They also recommend limiting internet exposure of operational technology systems and disabling remote access to those systems where possible.
For organizations that may face destructive attacks, security researchers recommend isolating backup infrastructure from production networks to ensure systems can be restored quickly following any impact.
And for companies with infrastructure or staff in the Middle East, the physical threat is equally real. The IRGC advised that employees of named firms should leave their workplaces immediately and that residents in the surrounding areas should evacuate from a one-kilometer radius around the targeted companies.
While the targeting, based on current evidence, appears focused on Middle East infrastructure rather than U.S. domestic operations, that boundary is still not fixed as it may shift depending on how the conflict worsens.
