On Friday, June 26, the Everbridge mass emergency notification system experienced an outage due to a distributed denial-of-service (DDOS) attack, which lasted overnight until June 27. Additionally, on June 28 the US National Weather Service was targeted in a DDOS attack that caused an outage of a few hours. Responsibility for both incidents was claimed by “313 Team,” a pro-Iran, Iraq-based cyber threat group. The group is part of the Islamic Cyber Resistance collective, has ties to Iran’s Ministry of Intelligence and Security (MOIS), and has targeted multiple Western websites — including eBay, Bluesky, and Spotify — since the recent US conflict with Iran began in February, though the group has been active since 2023.

While DDOS attacks are often considered less significant than other cyber threats, these two incidents highlight the potential public safety implications of typical hacktivist threat activity, and the need for organizations to proactively establish DDOS protections and response plans to prevent or limit the impact of an attack.
Note: With Iran’s elimination from the FIFA World Cup and strikes continuing in and around the Strait of Hormuz, additional cyber threat activity against US targets is plausible. Now that the World Cup is in the knockout stage, match locations and focus become more concentrated, and targeting may become more directed.

Recommendations

Review the NJCCIC’s DDOS Attack Types and Mitigation Strategies, the Cybersecurity and Infrastructure Security Agency’s (CISA) Understanding and Responding to Distributed Denial-Of-Service Attacks, and the Multi-State Information Sharing and Analysis Center’s (MS-ISAC) Guide to DDoS Attacks for information on DDOS attacks and mitigation recommendations, which include:

  • Establish and maintain effective partnerships with your upstream network service provider and know what assistance they can provide you in the event of a DDoS attack.
  • Consider establishing relationships with companies that offer DDoS mitigation services.
  • Configure firewalls and intrusion detection/prevention devices to alarm on traffic anomalies.
  • Configure firewalls to accept only the traffic detailed in your organization’s security policy as required for business purposes.
  • Ensure all software is up to date, as vulnerabilities could be exploited to allow your servers to be used for attacks.
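
One way to implement the traffic-anomaly alarm recommended above, shown as an added example that is not part of the NJCCIC advisory or any vendor's product. The log format, thresholds, and the names detect and sample_log are assumptions for illustration, and the sample traffic is constructed.

```python
from collections import Counter, defaultdict, deque
from statistics import median

WINDOW_S = 10      # bucket width in seconds (assumed)
HISTORY = 6        # trailing normal buckets that form the baseline (assumed)
FACTOR = 5         # alarm when a bucket exceeds FACTOR x baseline median (assumed)
MIN_REQUESTS = 50  # floor so small bursts in quiet periods do not alarm (assumed)


def detect(lines):
    """Return one alarm per bucket whose request volume breaks the baseline.

    Each line is a constructed 'epoch_seconds source_ip path' record.
    """
    counts, sources = Counter(), defaultdict(set)
    for line in lines:
        ts, src = line.split()[:2]
        bucket = int(ts) - int(ts) % WINDOW_S
        counts[bucket] += 1
        sources[bucket].add(src)
    if not counts:
        return []
    alarms, history = [], deque(maxlen=HISTORY)
    # Walk every bucket in order, including empty ones, so gaps count as zero.
    for bucket in range(min(counts), max(counts) + 1, WINDOW_S):
        n = counts.get(bucket, 0)
        baseline = median(history) if len(history) == HISTORY else None
        if baseline is not None and n > max(MIN_REQUESTS, FACTOR * baseline):
            alarms.append({"bucket": bucket, "requests": n, "baseline": baseline,
                           "distinct_sources": len(sources[bucket])})
        else:
            history.append(n)  # only non-alarming buckets feed the baseline
    return alarms


def sample_log():
    """Constructed traffic: 8 quiet buckets, then a flood from 200 sources."""
    lines = []
    for b in range(8):
        lines += [f"{1000 + b * 10 + i % 10} 192.0.2.{i % 5 + 1} /alerts" for i in range(12)]
    lines += [f"{1080 + i % 10} 198.51.100.{i % 200 + 1} /alerts" for i in range(900)]
    return lines


if __name__ == "__main__":
    for alarm in detect(sample_log()):
        print(alarm)
```

Keeping alarming buckets out of the baseline prevents a sustained flood from raising its own threshold, and the distinct-source count helps responders tell a distributed flood from a single noisy client.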

Reporting
The NJCCIC encourages recipients who discover signs of malicious cyber activity to contact the NJCCIC via the cyber incident report form at www.cyber.nj.gov/report.
Please do not hesitate to contact the NJCCIC at njccic@cyber.nj.gov with any questions. Also, for more background on our recent cybersecurity efforts, please visit cyber.nj.gov.

Published in the NJCCIC Advisory for June 29, 2026