# Iran Alleges US Exploited Networking Equipment Backdoors During Military Strikes

_Wednesday, April 22, 2026 at 8:09 AM EDT · Cybersecurity, Policy · Latest · Tier 1 — Major_

![Iran Alleges US Exploited Networking Equipment Backdoors During Military Strikes — Primary](https://cdn.mos.cms.futurecdn.net/3MENKrnKHBskAG4vmFGju5-2000-80.jpg)

Iranian state media has alleged that networking equipment from Cisco, Juniper, Fortinet, and MikroTik failed during U.S. and Israeli military operations against Iran. The report claims that "American 'black boxes' failed at zero hour of the attack on Isfahan," and that devices either rebooted or dropped offline despite Iran having already been disconnected from the global Internet. Iranian media says this "indicates deep sabotage."

The allegations speculate that hidden firmware or backdoors allowed remote sabotage, possibly triggered by satellite or at a pre-set time. None of the claims has been independently verified, and given that they originate from state media, skepticism is warranted.

The United States has not addressed Iran's specific allegations, but has publicly confirmed that it conducted cyber operations against Iran's communications infrastructure. Chairman of the Joint Chiefs of Staff, General Dan Caine, said during a March 2nd Pentagon briefing that U.S. Cyber Command and U.S. Space Command were the "first movers" in Operation Epic Fury, the military campaign launched against Iran at the end of February. Caine said coordinated space and cyber operations disrupted Iranian communications and sensor networks before strikes began.

Each of the four vendors named by Iran has a documented record of security issues. NSA documents leaked by Edward Snowden in 2014 showed the agency's Tailored Access Operations unit intercepting Cisco routers during shipping and installing surveillance implants before repackaging them. Cisco never cooperated with the program and later began shipping equipment to decoy addresses to disrupt interception.

Juniper Networks disclosed in 2015 that it had found unauthorized code in the ScreenOS firmware running on its NetScreen firewalls, which could allow attackers to bypass authentication and decrypt VPN traffic. Fortinet acknowledged in 2016 that older versions of FortiOS contained hardcoded SSH passwords granting remote access, though it characterized the problem as a management authentication issue. MikroTik routers have been a persistent target for botnet operators, with Tenable documenting a vulnerability chain in 2019 that could enable an attacker to downgrade firmware and create a persistent backdoor.

Chinese state media promoted Iran's claims as further evidence of American backdoors in networking hardware. The country's National Computer Virus Emergency Response Center, which has repeatedly claimed that the U.S. fabricated the Volt Typhoon hacking campaign, seized on the allegations. Five Eyes intelligence agencies have attributed Volt Typhoon to Chinese state-sponsored actors targeting Western critical infrastructure.

Iran's Internet has been largely offline for 52 consecutive days, with connectivity at roughly 1 percent of pre-war levels since strikes began on February 28. This makes it the longest nationwide Internet shutdown on record.

## Sources

- [Tom's Hardware](https://www.tomshardware.com/tech-industry/cyber-security/iran-claims-us-exploited-networking-equipment-backdoors-during-strikes)

---
Canonical: https://techandbusiness.org/newswire/AEZb6aPEfH1He0gKABFLpd
Retrieved: 2026-04-22T15:56:50.821Z
Publisher: Tech & Business (techandbusiness.org)
