Iranian hackers linked to state structures are expanding the scope of their cyber-espionage activities beyond the Middle East, targeting operations in Europe and North America, according to Microsoft’s 2025 Digital Defense Report, according to iranintl.
The report notes that three groups acting on behalf of the Iranian government recently attacked shipping and logistics companies in Europe and the Gulf countries. The goal of these attacks was to gain persistent access to sensitive commercial data, which Microsoft experts believe may indicate Iran’s preparation to interfere in international shipping operations.
In response to the allegations, Iran’s mission to the UN stated that Tehran is not initiating offensive cyber operations against other countries. The mission emphasized that Iran itself is often targeted by cyberattacks and will respond to any threats proportionally, depending on their nature and scale.
The Microsoft report was published shortly after the UK intelligence service MI5 warned parliament members about increased activity from spies from China, Russia, and Iran, who, according to intelligence agencies, are attempting to influence domestic UK politics, collect intelligence, and undermine democratic institutions.
MI5 Chief Ken McCallum urged parliamentarians on Tuesday to exercise caution when interacting with suspicious individuals and to watch for phishing attempts, blackmail, or attempts to establish long-term connections aimed at influencing political decisions.
FBI director Kash Patel on Wednesday said the United States has seen a 50% increase in espionage cases linked to Iran.
US security agencies had warned in July of increased risk from Iranian cyber actors.
“Based on the current geopolitical environment, Iranian-affiliated cyber actors may target US devices and networks for near-term cyber operations,” the Cybersecurity and Infrastructure Security Agency (CISA) said in the report, issued jointly with the National Security Agency (NSA), Department of Homeland Security (DHS), and FBI.
