Pro-Iran hackers claim hit on emergency alerts across U.S. cities
Pro-Iran hackers who have claimed attacks on multiple Western websites throughout the U.S.-Israel conflict with the Islamic Republic said they were behind the outage of an incident response platform that alerts residents and response teams during disasters, attacks, public health emergencies and more.
The D.C. Homeland Security and Emergency Management Agency announced on Facebook Friday evening that Everbridge, “the technology platform behind AlertDC, is currently experiencing a nationwide outage.” AlertDC is the district’s official emergency notification system that sends residents who sign up emails or text alerts about extreme weather, government and school closures, crime and traffic advisories, power outages, Amber Alerts and more.
DC HSEMA said the Everbridge outage did not affect the district’s “ability to issue Wireless Emergency Alerts (WEA) for imminent life-safety threats”; WEA alerts are sent through FEMA’s Integrated Public Alert and Warning System (IPAWS) to communications companies that then push the advisories to mobile devices on their networks. Other jurisdictions including Fairfax County, Va., posted similar messages about the Everbridge outage on their social media accounts. Everbridge has reported thousands of city and county government customers using its platform.
Late Saturday morning, DC HSEMA posted that “Everbridge has resolved the nationwide outage” and added that their agency “will continue to monitor system performance.”
The Islamic Cyber Resistance in Iraq – 313 Team, which said it attacked Spotify last month with the intent that “the hand of revenge will reach the killers of Imam Khamenei” and earlier claimed responsibility for a “rapid fire” attack on eBay, has been relentlessly targeting companies with DDoS attacks, claiming in April that it disrupted Bluesky with what the social media site called a “sophisticated” attack. The group also claimed to be behind a mid-March Microsoft outage, took credit for hitting the X platform at the end of that month, and has claimed attacks on Amazon Prime Video, Dropbox, Yahoo, AOL and more sites.
Shortly after DC HSEMA’s Facebook post, 313 Team said on its Telegram channel that it struck Everbridge, resulting in “the website being shut down and the login interface being completely disabled.” The group added in a subsequent post that their attack on the company’s servers “disrupted internal systems and prevented the issuance of any urgent alerts and warnings to the population,” and then posted a screenshot of reports spiking on Downdetector.
313 Team also posted a handful of jurisdictions’ alerts to residents about the outage, including the San Francisco Department of Emergency Management encouraging residents to follow their WhatsApp channel as an alternate way to receive public safety updates.
“The attack will continue for an additional hour, so that Everbridge’s servers will be down for more than 4 hours, so that they cannot issue any alerts or warnings to the population,” the hackers posted late Friday, three hours after their first post claiming the attack.
On Thursday, 313 Team claimed it attacked Reddit for half an hour, generating a surge of user reports to Downdetector.
Their claimed eBay attack that began April 26 included an aggressive demand that the company respond directly to them as eBay acknowledged “intermittent technical issues” in a message to sellers.
One 313 Team post directly addressed eBay: “There is a simple way out. We have emailed you with our Session Contact ID. If you fail to reach out, we will continue our assault. You are losing money by the minute, stop being fools.”
Other groups in Iran’s corner have openly threatened or claimed responsibility for attacks targeting critical infrastructure sectors. Earlier in the war, APT IRAN said it swiped a tranche of sensitive materials from Lockheed Martin and posted it for sale in a Russian- and English-language dark web marketplace. Three days before the April 8 ceasefire began, Handala claimed that they were poised to inflict water, electricity and oil sector attacks on the United States and its allies of a caliber to “send your lives back to the Middle Ages” if the U.S. hit Iran’s power grid, as President Donald Trump threatened.
In early May, Handala claimed in a Telegram post that strikes on Fujairah oil facilities were part of a coordinated cyber-physical offensive with the IRGC targeting the United Arab Emirates port city — “a fully coordinated operation” that began with their breach of port systems and was followed by kinetic attacks “minutes later.” Most recently, Handala made an unsubstantiated claim that the group breached California water systems in retaliation for alleged U.S. strikes that damaged civilian water infrastructure in southern Iran.