Heightened U.S. Security Alert Following Killing of Iranian Supreme Leader

With U.S. And Israeli forces continuing offensive strikes on Iran, federal counterterrorism authorities are warning that Iran could launch retaliatory strikes on American soil using sleeper cells, affiliated terrorist groups, lone wolf sympathizers, or targeted cyberattacks. The warnings approach after the killing of Iranian Supreme Leader Ayatollah Ali Khamenei on February 28, 2026.

Cryptic Messages and Potential Activation of Sleeper Cells

Within days of Khamenei’s death, cryptic messages were broadcast globally on a new shortwave radio frequency. The messages, delivered in Persian with the phrase “Tavajjoh! Tavajjoh!” (meaning “attention”), consisted of seemingly random strings of numbers. Authorities believe these transmissions, reminiscent of Cold War-era spy communications, may be an encoded operational trigger for “sleeper assets” potentially located within the U.S.

While no credible specific threat has been identified, a memo distributed to local law enforcement agencies, first reported by ABC News, calls for heightened vigilance. The memo describes a “preliminary signals analysis” of the transmission, believed to be of Iranian origin, intended for “clandestine recipients” possessing the decryption key.

Historical Concerns and Recent Plots

Former Los Angeles Police Department counterterrorism head Horace Frank noted that the use of sleeper cells by Iran and its proxies is not new, but the current situation may increase the desperation of those groups. The FBI and the Department of Homeland Security have been on a heightened state of alert since the launch of Operation Epic Fury on February 28.

The Department of Homeland Security has previously assessed that Iran relies on individuals with pre-existing access to the United States for surveillance and plotting attacks. There have been several documented attempts to hire assassins to target U.S. Officials. In 2020, Iran sought to kill former Secretary of State Mike Pompeo and former national security advisor John Bolton in retaliation for the death of Gen. Qassem Suleimani. Shahram Poursafi, a member of Iran’s Islamic Revolutionary Guard Corps, was charged with attempting to hire individuals to assassinate Bolton in Washington and Maryland between October 2021 and April 2022, and remains a fugitive.

More recently, Asif Raza Merchant was convicted in 2024 for a murder-for-hire plot targeting President Trump and others, and attempting to commit an act of terrorism. Merchant received training from the Islamic Revolutionary Guard Corps and attempted to recruit individuals to carry out the attacks, but ultimately interacted with federal agents posing as hitmen. Farhad Shakeri, an Afghan national residing in Tehran, was also charged in 2024 with plotting to assassinate Trump, allegedly at the behest of the Revolutionary Guard.

Past Attacks and the Threat of Lone Wolves

The San Bernardino attack in 2015, carried out by Syed Rizwan Farook and Tashfeen Malik, serves as a wake-up call for homeland security analysts. The attack highlighted the threat of American citizens being radicalized online and the challenges of preventing attacks by individuals with no apparent links to international terrorist networks. Malik pledged allegiance to the leader of the Islamic State group on Facebook shortly before the attack.

Just one day after the targeting of Iranian leadership, Ndiaga Diagne killed three people and wounded 13 in Austin, Texas, before being fatally shot by police. Investigators are investigating a potential connection to terrorism.

Proxy Threats and Border Security Concerns

Counterterrorism experts also warn of the threat posed by Iranian proxies, including militants linked to Hezbollah in Lebanon and the Houthi movement in Yemen. A Rand report details Hezbollah’s extensive network in Latin America. There have been increased concerns regarding border security, with two Iranian nationals on a U.S. Security watch list apprehended at the Texas-Mexico border in 2023. Customs and Border Patrol Commissioner Rodney Scott previously warned that “thousands of Iranian nationals have been documented entering the United States illegally” between 2022 and 2025, with potentially many more evading detection.

Authorities have also noted that individuals with ties to the Iranian government may utilize fraudulent documents to enter the U.S., with a document-forging hub uncovered in São Paulo.

Cybersecurity Threats and Disrupted Communications

U.S. Counterterrorism authorities have long monitored the cyber threat from Iranian-backed hackers, who have been testing vulnerabilities in U.S. Systems and targeting water supply facilities. Following the strikes on Iran, U.S. Cyber Command, in coordination with other agencies, disrupted Iran’s internet connectivity, reducing it to between 1% and 4%, and effectively hindering the country’s ability to communicate and coordinate a response.