Iranian state-linked hackers are expanding their cyber operations beyond the Middle East to include targets in North America and Europe, according to Microsoft’s 2025 Digital Defense Report published on Thursday.
"Recently, three Iranian state-affiliated actors attacked shipping and logistics firms in Europe and the Persian Gulf to gain ongoing access to sensitive commercial data, raising the possibility that Iran may be pre-positioning to have the ability to interfere with commercial shipping operations," the report said.
In response, Iran’s mission to the United Nations denied the allegation, saying Tehran “is not the initiator of any offensive cyber operations against any country.”
The mission said Iran is a victim of cyberattacks itself and “will respond to any cyber threat in proportion to its nature and scope.”
Microsoft's report comes just days after Britain’s MI5 warned members of Parliament that spies from China, Russia and Iran are targeting UK politicians in an effort to influence policy, gather intelligence and undermine democracy.
On Tuesday, MI5 Director General Ken McCallum urged lawmakers to stay alert to blackmail attempts, phishing attacks, and approaches from individuals seeking to cultivate long-term relationships or make donations to sway decisions.
FBI director Kash Patel on Wednesday said the United States has seen a 50% increase in espionage cases linked to Iran.
US security agencies had warned in July of increased risk from Iranian cyber actors.
“Based on the current geopolitical environment, Iranian-affiliated cyber actors may target US devices and networks for near-term cyber operations,” the Cybersecurity and Infrastructure Security Agency (CISA) said in the report, issued jointly with the National Security Agency (NSA), Department of Homeland Security (DHS), and FBI.
