Reports from Iranian state media claim that U.S.-manufactured networking gear ceased functioning at critical moments during military strikes. The allegations, which cannot be independently verified, claim there were simultaneous failures across routers and switches produced by Cisco, Fortinet, Juniper Networks, and MikroTik during attacks on Iranian infrastructure.

According to accounts published by the Iranian Fars News Agency, the disruptions occurred as U.S. forces targeted sites in Iran’s Isfahan Province. Devices reportedly disconnected or rebooted despite the country having largely severed its connection to the global Internet. Iranian officials claimed the timing was deliberate, suggesting the presence of embedded vulnerabilities or dormant malware within the equipment.

Iranian sources say that the failures could not have resulted from conventional remote cyberattacks, given the country’s isolation from external networks during the strikes. Instead, they describe scenarios involving pre-positioned code within firmware or the activation of hidden backdoors capable of triggering disruptions without external connectivity.

U.S. vendors have not confirmed the existence of such vulnerabilities, and no independent technical analysis has been released.

Since the start of the conflict, authorities have maintained a near-total Internet shutdown. Only a limited group of approved users could access the Internet. This isolation is one of the reasons it is hard to verify claims of coordinated hardware failures.

The isolation also reveals Iran’s decision to build a centralized and controllable network architecture, which limits foreign influence and enhances domestic surveillance. The downside of such a centralized approach is that it includes the potential for single points of failure.

Sustained Cyber Battle

Whatever the truth of the claims about the networking gear, a sustained cyber battle is almost certainly being pursued by both the U.S. and Iran.

U.S. military officials have acknowledged using offensive cyber capabilities in recent conflicts. In briefings earlier this year, senior defense leaders described cyber units as first movers used to attack an adversary’s communication infrastructure before physical strikes begin.

Iran, according to U.S. authorities, made a series of intrusions into American critical infrastructure, compromising systems tied to oil, gas, and water operations, and causing operational disruptions. The attacks targeted programmable logic controllers, which bridge digital commands and physical machinery.

While the disruptions reported in the U.S. were limited, they show a persistent effort to establish footholds in critical systems that could be leveraged during conflicts.

Independent hacking groups aligned with Iran have also signaled their intent to continue cyber operations regardless of diplomatic developments. Following a recent ceasefire, one such group stated that attacks against U.S. targets would resume when conditions allow. Cyber conflict operates on a separate timeline from conventional warfare.

A key point here: the lack of verifiable evidence highlights the challenge of separating technical reality from information warfare. In a conflict where cyber capabilities are both real tools and instruments of propaganda, claims of sabotage can influence opinions even without confirmation.