Iran claims US used backdoors to knock out networking equipment during war
- Reference: 1776752496
- News link: https://www.theregister.co.uk/2026/04/21/iran_claims_us_used_backdoors/
Reports from Iran [1]claim hardware made by Cisco, Juniper, Fortinet, and MikroTik either rebooted or disconnected during recent attacks on Iran – despite the regime disconnecting the nation from the global internet.
The reports suggest that’s only possible because someone – probably the US – can sabotage the equipment at will.
The report linked to above hypothesizes that a hidden backdoor in firmware or bootloader allows remote attacks at a pre-determined time or can be activated by a signal from a satellite. In either scenario, the US uses the backdoor to bring down networks at the most inconvenient moment for Iran.
The thrust of the Iranian stories we’ve seen is that US-based vendors are complicit in the installation of backdoors.
Another scenario Iranian reports float is that someone has installed a botnet on networking equipment and has therefore been able to target devices from Cisco – and from MikroTik, the Latvian networking equipment vendor that emphasizes its product development takes place within the European Union.
As Iran’s internet is currently mostly closed – more on that later – it’s almost impossible to verify reports of a mass outage.
That the USA possesses the ability to conduct attacks in cyberspace is not in doubt. After the US takeover of Venezuela, president Trump and general Dan Caine, chairman of the Joint Chiefs of Staff, [6]alluded to online action being one element of the operation. Caine also [7]said US Cyber Command assisted with the June 2025 “Operation Midnight Hammer” attack on Iran, without elaborating on the agency’s role.
Whatever is going on, Chinese state media has seized on the Iranian reports to restate Beijing’s position that China is a pacifist in cyberspace and the US is the real cyber-villain.
China’s National Computer Virus Emergency Response Center (CVERC) regularly posts a [9]theory that information leaked by Edward Snowden shows the US embeds backdoors in networking equipment, and that all allegations that Beijing conducts cyberattacks are therefore just a sham to shift the blame to the Middle Kingdom. CVERC has even [10]argued that the Volt Typhoon attacks – which the Five Eyes nations agree was a Chinese attack on critical infrastructure – were a false flag operation run by the US intelligence community to give it credibility when smearing China.
Chinese state media has given credence to the Iranian reports and even [11]published the cartoon below to express Beijing’s feelings on the alleged events in Iran.
[12]
Chinese State Media cartoon
While these propaganda shenanigans play out, outage-watching outfit NetBlocks [13]says Iran has maintained its internet blockade for 52 days, but adds “authorities continue efforts to segregate users and provide selective access to favored groups.”
That may be a reference to [14]reports that Iran’s government has created a service called “Internet Pro” that allows some citizens to access a subset of the global internet.
Activists [15]claim Iran’s government also issues “White SIMs” that allow unrestricted internet access to select officials. ®
[1] https://www.entekhab.ir/fa/news/917640/%D9%81%D8%A7%D8%B1%D8%B3-%D8%B7%DB%8C-%D8%A7%D8%AA%D9%81%D8%A7%D9%82%DB%8C-%D8%B9%D8%AC%DB%8C%D8%A8-%D9%88-%D9%87%D8%B4%D8%AF%D8%A7%D8%B1-%D8%AF%D9%87%D9%86%D8%AF%D9%87-%D8%AC%D8%B9%D8%A8%D9%87%E2%80%8C%D9%87%D8%A7%DB%8C-%D8%B3%DB%8C%D8%A7%D9%87-%D8%A2%D9%85%D8%B1%DB%8C%DA%A9%D8%A7%DB%8C%DB%8C-%D8%AF%D8%B1-%D8%B3%D8%A7%D8%B9%D8%AA-%D8%B5%D9%81%D8%B1-%D8%AD%D9%85%D9%84%D9%87-%D8%A8%D9%87-%D8%A7%D8%B5%D9%81%D9%87%D8%A7%D9%86-%D8%A7%D8%B2-%DA%A9%D8%A7%D8%B1-%D8%A7%D9%81%D8%AA%D8%A7%D8%AF%D9%86%D8%AF-%D8%A7%DB%8C%D9%86-%D8%A7%D8%AE%D8%AA%D9%84%D8%A7%D9%84-%D8%AF%D8%B1-%D8%B4%D8%B1%D8%A7%DB%8C%D8%B7%DB%8C-%D8%B1%D8%AE-%D8%AF%D8%A7%D8%AF-%DA%A9%D9%87-%DA%AF%DB%8C%D8%AA%E2%80%8C%D9%88%DB%8C%E2%80%8C%D9%87%D8%A7%DB%8C-%D8%A8%DB%8C%D9%86%E2%80%8C%D8%A7%D9%84%D9%85%D9%84%D9%84-%D8%B9%D9%85%D9%84%D8%A7%D9%8B-%D9%85%D8%B3%D8%AF%D9%88%D8%AF-%D8%A8%D9%88%D8%AF%D9%86%D8%AF-%D8%A8%D9%86%D8%A7%D8%A8%D8%B1%D8%A7%DB%8C%D9%86-%D9%81%D8%B1%D9%88%D9%BE%D8%A7%D8%B4%DB%8C-%D9%85%D8%B0%DA%A9%D9%88%D8%B1-%D9%86%D8%B4%D8%A7%D9%86-%D8%A7%D8%B2-%DB%8C%DA%A9-%D8%AE%D8%B1%D8%A7%D8%A8%DA%A9%D8%A7%D8%B1%DB%8C-%D8%B9%D9%85%DB%8C%D9%82-%D8%AF%D8%A7%D8%B1%D8%AF-%D8%B3%D9%86%D8%A7%D8%B1%DB%8C%D9%88%DB%8C-%D8%AE%D8%B7%D8%B1%D9%86%D8%A7%DA%A9-%D8%AF%D8%B3%D8%AA%DA%A9%D8%A7%D8%B1%DB%8C-%D8%AF%D8%B1-%D9%85%D8%A8%D8%AF%D8%A3-%D8%AA%D9%88%D9%84%DB%8C%D8%AF-%D8%A7%D8%B3%D8%AA-%D8%A7%DA%AF%D8%B1-%D9%81%D8%A7%DB%8C%D9%84%E2%80%8C%D9%87%D8%A7%DB%8C-%D9%86%D8%B5%D8%A8%DB%8C-%D9%82%D8%A8%D9%84-%D8%A7%D8%B2-%D9%88%D8%B1%D9%88%D8%AF-%D8%A8%D9%87-%D8%A7%DB%8C%D8%B1%D8%A7%D9%86-%D8%A2%D9%84%D9%88%D8%AF%D9%87-%D8%B4%D8%AF%D9%87-%D8%A8%D8%A7%D8%B4%D9%86%D8%AF-%D8%AD%D8%AA%DB%8C-%D8%AA%D8%B9%D9%88%DB%8C%D8%B6-%D8%B3%DB%8C%D8%B3%D8%AA%D9%85-%D8%B9%D8%A7%D9%85%D9%84-%D9%87%D9%85-%D9%85%D8%B4%DA%A9%D9%84-%D8%B1%D8%A7-%D8%AD%D9%84-%D9%86%D9%85%DB%8C%E2%80%8C%DA%A9%D9%86%D8%AF
[6] https://www.theregister.com/2026/01/08/cloudflare_venezuela_bgp_attack_theory/
[7] https://www.war.gov/News/Releases/Release/Article/4222543/secretary-of-defense-pete-hegseth-and-chairman-of-the-joint-chiefs-of-staff-gen/
[9] https://www.theregister.com/2024/10/15/china_volt_typhoon_false_flag/
[10] https://www.theregister.com/2024/07/19/volt_typhoon_china_theory/
[11] https://english.news.cn/20260417/7c6c61509f1e4f4c87f97ad9f7a20bf0/c.html
[12] https://regmedia.co.uk/2026/04/21/supplied_china_us_trojan_cartoon.jpg
[13] https://mastodon.social/@netblocks/116435885695870167
[14] https://www.aljazeera.com/news/2026/4/20/iran-expands-limited-internet-access-but-restrictions-remain-for-most
[15] https://www.ncr-iran.org/en/fake-opposition/irans-white-sim-internet-how-tehran-hacks-the-feed-you-trust/
Check the source code
Trust but verify
There will be people who will automatically think "Iran are lying", and there will be people who will automatically think "Well duh Iran of course". But then there will be people who remember the Snowden leaks and they will rightly say "You want us to be surprised by this?".
Everyone is at it.
Most people I speak to don't know about Snowden and think I'm exaggerating when I tell them about the things he revealed.
Lesson is: people believe what they were taught to believe.
They don't have a clue what happened, so they're not even lying. There're 4 possibilities they give and 3 of them theorycraft involvement of US manufacturers of the equipment without any evidence, then reach the conclusion that US gear must be purged from their networks just as is happening in many other countries for Chinese or occasionally US networking kit.
Of course it's possible, and yes they definitely should manufacture their own network circuit boards, or at least risk letting the CCP have backdoors rather than the plainly adversarial US.
However the more straightforward explanation is the "internal malicious packets triggering 0-day" theory. The idea they can just shut down their international internet links and that does more than slightly impede nation-state adversaries like Israel and the US conjuring up malicious packets is completely naive. Even some regular Iranian citizens are evading the internet block, there are many dissidents, and Israel has spent about 45 years developing assets inside Iran to the extent they were able to pinpoint large numbers of very high ranking leaders in apparent real-time. Of course, it's a better look to write news reports that blame evil satellites pinging routers from space than question their wider counter-intelligence problem.
Of course I expect US made devices to be backdoored by the CIA. But Mikrotik? Probably the CIA has zero days for these? But if you allow for public access to the web UI or to the winbox port, this is poor security on their side.
As has been mused by many other commentators, I’m inclined to believe the heinous regime in Iran long before I believe anything that the Orange One or any of his clowns spout from the heinous regime in the US.
A country that makes network equipment and also plays the Great Game of Empire.
Embedding back doors in said equipment sold to other countries gives great advantages in any conflict. It is relatively easy to do. It is hard to detect it is either present during peace time, or doing nefarious stuff during a war. It is easy to deny, if caught. It is easy to accuse your rival equipment manufacturing country of doing it, while claiming to be squeaky clean yourself. It is very hard for anyone else to separate fact from propaganda.
Put all that together, then why not? This logic applies as equally to China as to the US.
Open Source firmware
This has got to be the way that everyone should go. Not a 100% guarantee but a good start. Something like [1]OpenWrt.
[1] https://en.wikipedia.org/wiki/Openwrt
If Iran and PRoC are very close, why is Iran still using Cisco, Mikrotik, etc. when Huawei is available?
Old equipment - no budget for replacement
Iran probably had a lot of Cisco equipment and no one provided the budget to replace it with NSA-backdoor free Huawei equipment.
Given what happened, I expect there to be a LOT of Cisco equipment on the secondhand markets in the next couple of years.
(Also expect a lot of anti-Huawei rules to be removed in countries outside the US.)
Re: Old equipment - no budget for replacement
" Also expect a lot of anti-Huawei rules to be removed in countries outside the US. "
Wasn't there a joint Huawei-European facility to clear Huawei kit of this skulduggery (more than ten years ago I think) but it was abandoned in some all-the-way-with-the-usa lunacy? All the way down the garden path to mind numbingly senseless buggery.
I am surprised that anyone would be surprised that US intelligence agencies might want to use equipment being shipped to countries on their naughty list for espionage.
That the Chinese are trying to pretend that they are squeaky clean in this is like the proverbial pot calling the kettle black.
Having spent some years looking after networks and firewalls at two intergovernmental organisations in Europe, I was witness to almost daily attacks from Chinese sources. I also dealt with the aftermath of successful Chinese attacks on third party systems that were outside our scope and perimeter.
Well of course the US used backdoors in networking gear and servers.
It's the real reason they don't want Chinese gear in their or any of their allies' countries, because the Chinese gear has no backdoors, and the US can't spy on countries using Chinese equipment.
I'm pretty sure the Chinese gear has backdoors. Just not ones the US controls. I would call it negligent to not do this, we as consumers might not like it, companies won't like it but they will do it.
The left pondians would be pretty bloody stupid not to have backdoors, but just because they have them does not mean that China doesn't. They, too, would be pretty bloody stupid not to have.
On the other hand, Iran would be equally bloody stupid to expect otherwise and not have taken precautions. Whether or not said backdoors have been used as Iran claims is debatable, though. While I'm sure they could be, it's also a good propaganda opportunity, and might be a useful excuse for getting pasted, too. It's not like Iran is the most open and honest country in the world, or the most technically capable.
I doubt we'll ever know, but the notion of backdoored kit shouldn't come as a surprise to anyone.
Disconnected?
"Fortinet, and MikroTik either rebooted or disconnected during recent attacks on Iran – despite the regime disconnecting the nation from the global internet."
I assume the commands to disable the routers must have been given before the disconnection of Iran. But nationwide router reset should set off alarms which could have warned Iran about the attack.
I am wondering about the precise timing of events.
False flag operations
What? The USA would conduct [1]false flag ops to smear China? Say it ain't so.
The country that has the greatest president since 2025 could not possibly reach such a level. After all, its wonderful president is running a perfectly legal, honest-to-goodness crypto scheme for the good of the citizens of the country (subject to ICE approval, minimal possible investment is $1 million).
[1] https://en.wikipedia.org/wiki/False_flag