Indonesian Political, Business & Finance News

Iranian Hackers Have Infiltrated American Bank and Airport Systems

Source: CNBC (translated from Indonesian) | Regulation

Geopolitical tensions in the Middle East are now extending into the digital realm. Iranian hacker groups have reportedly infiltrated American networks, including banks, technology companies, and airports.

Security researchers from Symantec and Carbon Black revealed that the hacker group known as MuddyWater has been inside the systems of several organisations since early February 2026. The group is believed to be part of Iran’s Ministry of Intelligence and Security (MOIS), which has historically been known to conduct global cyber operations.

Hacking activity was observed to increase following the military strikes by the United States and Israel on 28 February. Researchers discovered a new backdoor called “Dindoor”, which the hackers use to control systems remotely. This malware was found in the networks of a technology company operating in Israel, as well as in US banking systems and non-profit organisations in Canada.

Additionally, another Python-based backdoor named Fakeset was discovered in airport networks and non-profit organisations in America. The malware was signed with certificates under the names “Amy Cherne” and “Donald Gay”, which have been linked to MuddyWater operations, strengthening the suspicion that this group is behind the attacks.

What makes the situation increasingly dangerous is the fact that hackers were already inside target networks before the latest conflict erupted. This means they have the potential to launch cyber attacks at any time against organisations they have successfully infiltrated.

Researchers also discovered attempts to steal data from a software company that supplies technology to the defence and aerospace industries. The data was allegedly being sent to external cloud storage, although it remains unclear whether the attempt was successful.

Previously, the MuddyWater group breached CCTV servers in Jerusalem in 2025. This access allowed them to monitor the city directly to identify potential targets. When Iran launched attacks in June last year, Israeli authorities stated that the hacked surveillance cameras were used to assist with intelligence gathering and missile targeting adjustments.

Cybersecurity company Check Point reported hundreds of exploitation attempts against internet-connected surveillance cameras in Israel and Middle Eastern countries since the war began on 28 February. Several analysts have also noted an increase in digital espionage activity, network reconnaissance, and Distributed Denial of Service (DDoS) attacks in the past week. However, to date, no major destructive cyber attacks have occurred.
