With heat dome bearing down on U.S., pro-Iran hackers claim attack on National Weather Service

Afternoon thunderstorms move over the Huachuca Mountains and into Sierra Vista, Ariz., just before sunset on July 9, 2022. (NOAA/ National Weather Service photo by Bob Hyatt)

By Bridget Johnson

Pro-Iran hackers who took credit for a nationwide Friday outage of a platform delivering emergency alerts in major U.S. cities said today that they hacked the National Weather Service website.

“The National Weather Service webpage is currently experiencing an outage,” the NWS Grand Junction account posted at 12:06 p.m. on X. “As of now, there is no timeline on when it will be restored. We apologize for the inconvenience.” As of 1:20 p.m. EST, the NWS website was inaccessible, but a 1:45 p.m. check showed it had been restored.

The outage came as Colorado is grappling with critical fire weather conditions and a dangerous heat dome is expected to scorch the eastern half of the country this week.

Users began reporting trouble with weather.gov at Downdetector shortly before 9 a.m. today.

The Islamic Cyber Resistance in Iraq – 313 Team posted on its Telegram channel at 10:14 a.m. that it “carried out a sophisticated cyberattack targeting the U.S. National Weather Service” that “caused intermittent outages and slowed down the website’s operations.”

The group originally said the attack would last for half an hour, but just after 11 a.m. they announced an extension. “We have increased the intensity of the attack, and during this time the website will experience major disruptions,” 313 Team said, subsequently noting the NWS Grand Junction acknowledgement of the outage.

At 12:32 p.m., 313 Team said they extended the attack again by two hours. “We want to confirm that the internal infrastructure and website pages of the US National Weather Service are experiencing significant disruptions as a result of the sophisticated attacks we launched against their infrastructure,” the hackers said.

“We will continue our struggle until our last drop of blood, following the path of the Master of Martyrs,” they added shortly afterward. “We affirm that the hand of vengeance will reach the killers of Ayatollah Khamenei.”

313 Team has been relentlessly targeting companies with DDoS attacks since the U.S. and Israel launched Operation Epic Fury. Last month it said it attacked Spotify, similarly stating the intent that “the hand of revenge will reach the killers of Imam Khamenei,” and earlier it claimed responsibility for a “rapid fire” attack on eBay. In April it claimed to have disrupted Bluesky with what the social media site called a “sophisticated” attack. The group also claimed to be behind a mid-March Microsoft outage, took credit for hitting the X platform at the end of that month, and has claimed attacks on Amazon Prime Video, Dropbox, Yahoo, AOL and other sites.

The D.C. Homeland Security and Emergency Management Agency announced on Facebook Friday evening that Everbridge, “the technology platform behind AlertDC, is currently experiencing a nationwide outage.” AlertDC is the district’s official emergency notification system that sends residents who sign up emails or text alerts about extreme weather, government and school closures, crime and traffic advisories, power outages, Amber Alerts and more.

DC HSEMA said the Everbridge outage did not affect the district’s “ability to issue Wireless Emergency Alerts (WEA) for imminent life-safety threats”; WEA alerts are sent through FEMA’s Integrated Public Alert and Warning System (IPAWS) to communications companies that then push the advisories to mobile devices on their networks. Other jurisdictions including Fairfax County, Va., posted similar messages about the Everbridge outage on their social media accounts. Everbridge has reported thousands of city and county government customers using its platform.

Late Saturday morning, DC HSEMA posted that “Everbridge has resolved the nationwide outage” and added that their agency “will continue to monitor system performance.”

Shortly after DC HSEMA’s Facebook post, 313 Team said on its Telegram channel that it struck Everbridge, resulting in “the website being shut down and the login interface being completely disabled.” The group added in a subsequent post that their attack on the company’s servers “disrupted internal systems and prevented the issuance of any urgent alerts and warnings to the population,” and then posted a screenshot of reports spiking on Downdetector.

313 Team also posted a handful of jurisdictions’ alerts to residents about the outage, including the San Francisco Department of Emergency Management encouraging residents to follow their WhatsApp channel as an alternate way to receive public safety updates.

“The attack will continue for an additional hour, so that Everbridge’s servers will be down for more than 4 hours, so that they cannot issue any alerts or warnings to the population,” the hackers posted late Friday, three hours after their first post claiming the attack.

On Thursday, 313 Team claimed it attacked Reddit for half an hour, generating a surge of user reports to Downdetector.

Other groups in Iran’s corner have openly threatened or claimed responsibility for attacks targeting critical infrastructure sectors. Earlier in the war, APT IRAN said it swiped a tranche of sensitive materials from Lockheed Martin and posted it for sale in a Russian- and English-language dark web marketplace. Three days before the April 8 ceasefire began, the IRGC-backed Handala group claimed that they were poised to inflict water, electricity and oil sector attacks on the United States and its allies of a caliber to “send your lives back to the Middle Ages” if the U.S. hit Iran’s power grid, as President Donald Trump threatened.

In early May, Handala claimed in a Telegram post that strikes on Fujairah oil facilities were part of a coordinated cyber-physical offensive with the IRGC targeting the United Arab Emirates port city — “a fully coordinated operation” that began with their breach of port systems and was followed by kinetic attacks “minutes later.” Most recently, Handala made an unsubstantiated claim that the group breached California water systems in retaliation for alleged U.S. strikes that damaged civilian water infrastructure in southern Iran.
