Iran claims to have repelled a cyberattack on its critical infrastructure, roughly one day after an explosion hit one of its most important container ports and U.S.-Tehran nuclear talks resumed.According to numerous reports, the incident was disclosed by Behzad Akbari, head of Iran’s Telecommunication Infrastructure Company (TIC), who did not offer any more details.“One of the most widespread and complex cyberattacks against the country’s infrastructure was identified and preventive measures were taken,” Akbari told Iran’s Tasnim News Agency.The Reuters news agency reported that in 2021, a cyberattack on Iranian petrol stations was tied to Israel.No more information about the origins of this most recent attack on Iran and who was responsible was known as of Monday afternoon.Security experts urged caution in jumping to conclusions at this early stage.“It’s really too early to say who might have done it,” said Emily Harding, director of the Intelligence, National Security, and Technology Program at the Center for Strategic and International Studies. “The obvious answer is Israel, just because they are the usual suspect. But jumping to conclusions is dangerous,” said Harding. “The United States doesn’t usually do critical infrastructure attacks because of the impact on civilians. We generally try to aim all activity — cyber, kinetic, everything — at military and government targets.”  Harding added that we don’t know yet what kind of attack Iran faced, questioning whether it was aimed at disruption or an attempt to map their critical infrastructure networks.Morgan Wright, senior fellow at the Center for Digital Government, had two considerations with Iran.First, it’s usually never as it seems with the regime, meaning it’s possible that the attack never happened. Wright said that would simply be a deflection to take attention away from the real cause of the recent blast at the port.Second, Wright said this attack may not be as big and sophisticated as the Iranians claim.“Without more details, it’s challenging to analyze the probable players,” said Wright. “It could be the U.S. or Israel, or a group of cyber partisans taking advantage of the chaos to launch an opportunistic attack. If I were the U.S. or Israel and I had a long-term operation underway, I don’t know that I would want to ramp-it-up right now and risk detection, especially since Iran will go looking for just such a signature.” Heath Renfrow, co-founder and CISO at Fenix24, added that when a nation’s core infrastructure gets targeted, it often signals a shift toward more aggressive, state-aligned or state-tolerated operations intended to disrupt or destabilize.“We should expect to see more of these types of offensive cyber operations globally,” said Renfrow. “As cyber capabilities mature and become more accessible, adversarial states and their proxies are likely to continue using them as asymmetric tools, offering plausible deniability while achieving strategic impacts without immediate conventional military escalation.”