On April 21, 2026, the Iranian Ministry of Information and Communications Technology (ICT) issued a formal report alleging that critical networking infrastructure manufactured by U.S.-based companies Cisco Systems and Juniper Networks was intentionally disabled during a series of military strikes. According to the state-run Islamic Republic News Agency (IRNA), the hardware failures coincided precisely with kinetic operations targeting energy and telecommunications hubs in several provinces, including Tehran, Isfahan, and Khuzestan.
The ICT report specified that over 1,400 core routing and switching units, primarily Cisco Catalyst 9000 series switches and Juniper MX-series Universal Routing Platforms, became unresponsive at approximately 03:15 UTC. Iranian technical teams claim that the devices did not suffer physical damage from the strikes but instead experienced a logical shutdown. Preliminary forensic analysis cited by Iranian officials suggests the activation of a previously undocumented firmware vulnerability or a kill switch embedded in the operating systems—specifically Cisco IOS XE version 17.9 and Juniper Junos OS version 22.4.
The disruption resulted in a total loss of connectivity for approximately 18% of Iran's domestic internet backbone for a duration of six hours. Affected services included government data centers, regional power grid monitoring systems, and civilian telecommunications networks. The ICT Ministry stated that the affected hardware had been procured through third-party vendors over the last five years to bypass existing trade sanctions. Iranian engineers reported that the devices failed to reboot, displaying unauthorized firmware errors that prevented the restoration of network traffic.
Brigadier General Gholamreza Jalali, head of Iran’s Civil Defense Organization, stated that the event constitutes electronic warfare facilitated by supply chain compromise. He alleged that the equipment was programmed to recognize specific external signals or respond to a coordinated remote command to enter a bricked state. Iranian authorities have invited international observers to review the logs of the disabled devices, though no independent verification has been conducted as of the evening of April 21.
In response to the allegations, a spokesperson for Cisco Systems stated that the company is aware of the reports but has found no evidence of unauthorized backdoors or kill switches in its products. Cisco emphasized that it complies with all international export controls and does not provide hardware or support to sanctioned entities in Iran. Similarly, Juniper Networks issued a statement denying the existence of intentional vulnerabilities, suggesting that the outages could be the result of sophisticated external cyberattacks or electromagnetic interference rather than internal hardware triggers. Both companies noted that they have not had official business relationships with the Iranian government for several decades due to U.S. Department of the Treasury regulations.