In late February 2026, four years after the Russia-Ukraine war began, a military conflict erupted pitting the United States and Israel against Iran. Unlike in that conflict, a ceasefire was established within a couple of months, and Donald Trump recently extended it for another two weeks. However, the war continues in the Strait of Hormuz despite the promised truce. Iran has now accused the United States of employing hidden backdoors and botnets in routers from brands such as Cisco, Juniper, Fortinet, and MikroTik, citing suspicious behavior and disconnections during critical moments.
The US initiated its offensive against Iran with a military operation involving surprise bombings targeting cities and critical infrastructure. Israel subsequently joined the war, and the conflict, which appeared to be nearing an end or at least a temporary pause, has persisted. This ceasefire did not prevent the conflict from spreading to other regions, and as expected, Iran has not remained idle.
Iran Alleges US Infected and Strategically Disabled Routers During Attacks
Tensions between these nations are escalating, with suspicions and accusations surfacing over unusual occurrences. Iran observed routers from various manufacturers failing at crucial junctures of the war, which it takes as a sign of deliberate enemy manipulation. Consequently, Iran has unofficially accused the United States of installing botnets and backdoors in routers from popular brands such as Cisco, Juniper, Fortinet, and MikroTik. These accusations first emerged in Iranian media outlets such as Entekhab.ir and have since spread to other international websites.
Iranian media claim this was part of a US strategy involving malware injected into firmware and bootloaders, designed to activate during attacks and disrupt communications. However, this theory lacks supporting evidence. The only confirmed fact is that Iran has been without internet access for over 50 days.
All Mentioned Router Companies Have a History of Vulnerabilities and Security Issues
Al Jazeera reported that Iranian authorities were taking measures to address the situation, offering limited connectivity through a ‘Pro Internet’ plan. Additionally, ‘white SIM cards’ are being distributed to select groups within the country, granting them internet access with fewer restrictions. Beyond the malware accusations, another theory suggests the US has gained control by utilizing pre-installed botnets in network devices that would disable functionality during attacks.
While these are unsubstantiated accusations, it is worth noting that the mentioned router companies have a history of security problems. For instance, in 2014, the NSA reportedly implanted malware in Cisco routers. In 2015, Juniper had a vulnerability in ScreenOS. Fortinet has also faced issues concerning SSH credentials in FortiOS, and MikroTik has been investigated for alleged botnet attacks and backdoors, which aligns with Iran’s claims.
