Iran’s threat on U.S. soil: Sleeper cells, lone wolves, cyberattacks
As attacks on Iran by U.S. and Israeli forces continue, federal counterterrorism officials warn that the desperate theocracy could launch retaliatory strikes on American soil using sleeper cells, affiliated Iranian terrorist groups, lone wolf sympathizers or targeted cyberattacks.
A few days after the assassination of Iran’s Supreme Leader Ayatollah Ali Khamenei On February 28, encrypted messages were broadcast worldwide over a new shortwave radio frequency.
“Tavajjoh! Tavajjoh!” The message began using the Persian word for “attention.” The spooky male voice then read out a series of seemingly random numbers.
The monotonous transmission was a reminder of how undercover Cold War spies for the KGB and CIA once took orders. Using a special encryption code, operators could translate the digits into a readable message. Although messages from number stations have been broadcast for decades, they are now less common in the age of digital encryption.
Still, federal officials have warned local law enforcement that they have detected a new broadcast of a coded sequence that could potentially be an “operational trigger” for “sleeping entities” on U.S. soil.
Although counterterrorism investigators have so far found no credible specific threat, a memo to police departments first seen by ABC News calls for tighter oversight of local law enforcement. The alert describes a “preliminary signal analysis” of a transmission “possibly of Iranian origin” that was transmitted to multiple countries and was intended for “confidential recipients” who possessed the encryption key.
“Sleeper cells have always been a concern when it comes to Iranians and their proxies,” said Horace Frank, a retired deputy chief and former counterterrorism chief for the Los Angeles Police Department. “This is not new, but given the current situation, some of their MPs are feeling even more helpless.”
The FBI and the Department of Homeland Security have been at war since Operation Epic Fury was launched on February 28.
During President Biden’s tenure, the Department of Homeland Security issued a threat assessment stating, “Iran relies on individuals with prior access to the United States for surveillance and deadly plots.”
Beyond the idea of a deep-secret sleeper cell threat, Iran has repeatedly tried to hire assassins to kill US officials.
After the US airstrike on the Iranian General. November Iran tried to kill Soleimani in 2020 former Secretary of State Mike Pompeo and former national security adviser John Bolton To avenge the general’s death. The Department of Justice accused Shahram Poursafi, a member of Iran’s Islamic Revolutionary Guard Corps, of trying to hire a man in Washington and Maryland for $300,000 between October 2021 and April 2022 to assassinate Bolton, a former senior official in the Trump White House. He remains a fugitive.
On Friday, Asif Raza Merchant was convicted of a 2024 murder-for-hire plot that targeted President Trump and others and attempted to commit an act of terrorism that crossed national borders. Merchant, a Pakistani native, was hired in Karachi in 2022 or early 2023 and received tradecraft training, including counter-surveillance by the Islamic Revolutionary Guard Corps, prosecutors said. Merchant stated that he was sent in 2024 to recruit “Mafia” members to steal documents, organize protests and organize murders, but the hitmen turned out to be federal agents.
In November 2024, the Department of Justice charged Farhad Shakeri, an Afghan citizen living in Tehran, with a separate conspiracy. Officials said he was also tasked by the Revolutionary Guard to hire someone to assassinate Trump.
Since the September 11 terrorist attacks, the Los Angeles Police Department has been subject to a series of attacks including street assaults with machine guns; Fuel bombs with secondary explosives and even radiation-induced dirty bombs intended to kill first responders. Using security lessons learned in the Middle East, the LAPD has even vehicles carrying Hollywood stars to the Oscars zigzagging around concrete barriers while snipers armed with .50-caliber rifles keep an eye out for potential threats.
“We are at a high level of awareness,” Chief Jim McDonnell said. “In our experience, lone wolves have been our concern.” Such attackers may be inspired by conversations in the Middle East and see themselves as acting for that purpose.
“We have some great partnerships with our local and federal agencies,” McDonnell said on counterterrorism. But historically, the chief said, no matter how much intelligence pays off, it’s often the public’s eyes and ears that provide the vital clue.
There are more than 700,000 people of Iranian descent in Southern California, the largest population outside Iran. McDonnell said this brings increased awareness.
Although the LAPD and other agencies have thwarted many lone wolf plots, the nation’s worst terrorist attack since 9/11 occurred in San Bernardino. Restaurant supervisor Syed Rizwan Farook, a U.S. citizen, and his Pakistani-born wife, Tashfeen Malik, entered a San Bernardino County employees’ holiday party with military-style assault rifles and shot more than 30 people, killing 14 in 2015.
Extreme violence, apparently inspired by online jihadist propaganda, has thrust the city of San Bernardino into the global spotlight.
For national security analysts, the San Bernardino attack was a wake-up call. At the time, they were intensely focused on preventing foreign-trained terrorists from infiltrating America’s porous borders, as the 9/11 hijackers did. American citizens were now in danger of radicalization on the Internet.
Farook grew up in Riverside. Malik was born in Pakistan and spent most of his life in Saudi Arabia. They met online, got married, had a 6-month-old daughter and lived in Redlands. They had no apparent links to international terrorist networks until Malik pledged allegiance to the leader of the extremist Islamic State group on Facebook shortly before the attack.
Within a day of the Iranian leadership being targeted and killed, 53-year-old Ndiaga Diagne wore a hoodie that read “Property of God” and a T-shirt patterned with the Iranian flag and set out to kill three people and wound 13 on Austin’s popular bar strip before being fatally shot by police in Texas. Investigators are still looking into that motive, including a “link to terrorism.”
Counterterrorism experts also warn that there is a threat from so-called proxies associated with the Iranian government, including militants linked to Hezbollah in Lebanon and the Houthi movement in Yemen. A Rand report, Hezbollah’s Networks in Latin America The militant group appeared to have a significant network active in the Southern Hemisphere.
Frank, the former police official, said these deputies have traditionally used California as a productive base for funding and avoided other activities there. However, this may change given the military threat facing Iran.
In 2023, two Iranian citizens on the US security watch list were arrested. arrested It raises security concerns at the Texas-Mexico border. Following the US-Israeli attack on Iran’s nuclear infrastructure last year, Customs and Border Patrol Commissioner Rodney Scott warned that “thousands of Iranian citizens have been documented entering the United States illegally” between 2022 and 2025. He said countless more were probably “escapes.”
But some experts say Iranians with ties to the government need not risk border crossings and access fake IDs. They note that authorities in São Paulo unmasked one centre. Iran’s document fraud networks.
U.S. counterterrorism officials have long monitored the cyber threat from Iran-backed hackers. Recent years have seen government loyalists testing vulnerabilities in U.S. systems and targeting water supply facilities. However, cyber security experts say that Iran’s existing internet has been activated since the morning of February 28, when the attacks began. connection It fell between 1% and 4%.
U.S. Cyber Command is involved in “coordinated space and cyber operations,” Chairman of the Joint Chiefs of Staff Gen. Dan Caine said [that] effectively disrupted communications and sensor networks… depriving the enemy of the ability to see, coordinate, or respond effectively.”
