Threat Intelligence , Network Security Iran alleges US cyberattacks; China amplifies claims April 21, 2026 Share By SC Staff United States of America waving flag with many folds Iranian state media has alleged that the United States utilized backdoors or botnets to disable networking equipment during recent conflicts, with Chinese state media amplifying these claims. These reports suggest that hardware from manufacturers like Cisco, Juniper, Fortinet, and MikroTik experienced disruptions, even as Iran maintained a significant internet blockade, with further coverage provided by The Register. The allegations posit that a hidden backdoor within the firmware or bootloader of networking equipment, potentially activated by a satellite signal or at a predetermined time, allowed for remote sabotage. Another theory suggests the deployment of a botnet targeting devices from US-based vendors and MikroTik. While the US has previously alluded to cyber operations as part of military actions, such as in Venezuela and a reported attack on Iran, the specifics remain undisclosed. The extent of these alleged outages is difficult to verify due to Iran's ongoing internet restrictions, which have been in place for over 50 days, with selective access granted to favored groups. These claims, amplified by Chinese state media, align with Beijing's narrative of portraying the US as a cyber aggressor and China as a pacifist in cyberspace. This geopolitical framing is further evidenced by China's past assertions that US intelligence embeds backdoors in hardware and that alleged Chinese cyberattacks are false flag operations. Source: The Register An In-Depth Guide to Network Security Get essential knowledge and practical strategies to fortify your network security. Learn More SC Staff Related Threat Intelligence Mastodon hit by DDoS attack, disrupting flagship server SC Staff April 21, 2026 The cyberattack began early Monday morning, with Mastodon confirming the investigation around 7 a.m. ET. Ransomware SystemBC botnet linked to Gentlemen ransomware attacks SC Staff April 21, 2026 The Gentlemen ransomware-as-a-service (RaaS) operation, active since mid-2025, offers encryption for various systems including Windows, Linux, and ESXi hypervisors. Network Security GreyNoise finds attacker activity surges before vulnerability disclosures Laura French April 21, 2026 The median lead time between activity surge and advisory publication was 11 days. Related Events Cybercast Better Threat Intelligence Between Public and Private Sectors On-Demand Event Virtual Conference Nationwide Cybersecurity Summit 2025: Safeguarding America’s Digital Future On-Demand Event Virtual Conference Securing the Future of Finance: Strategies to Counter Modern Cyber Threats On-Demand Event Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Account Harvesting Bandwidth Bastion Host Berkeley Internet Name Domain (BIND) Domain Name DumpSec Dumpster Diving Fault Line Attacks Hybrid Attack Password Cracking You can skip this ad in 5 seconds