Iran Named 18 U.S. Tech Companies as "Legitimate Targets." It Already Struck AWS.

The April 1 Threat List

On Tuesday, March 31, 2026, Iran's Islamic Revolutionary Guard Corps posted a warning to its official Telegram channel stating that Iranian forces would begin attacking American technology companies in the Middle East starting Wednesday at 8 p.m. local Tehran time (12:30 p.m. EDT), according to CNBC, which cited a Google-translated version of the post.

The IRGC post stated: "From now on, for every assassination, an American company will be destroyed," according to CNBC.

CNBC reported the list as 18 companies designated "legitimate targets": Cisco, HP, Intel, Oracle, Microsoft, Apple, Google, Meta, IBM, Dell, Palantir, Nvidia, JP Morgan Chase, Tesla, GE, Spire Solutions, Boeing, and UAE-based AI company G42. Foreign Policy reported a slightly different count of 17 U.S. companies plus G42, with the same core list. WIRED reported the list as "more than a dozen" companies, naming Apple, Google, IBM, Intel, Microsoft, Tesla, and Boeing specifically.

The IRGC warned employees at the targeted companies to leave their workplaces immediately and told civilians within 1 kilometer of their facilities to evacuate, according to Foreign Policy.

The IRGC stated that the threatened attacks were in retaliation for U.S. assassinations in Iran and for these companies' involvement in U.S. defense contracts, according to Foreign Policy. Palantir was specifically cited by WIRED as a high-value target: the company builds the data architecture for Project Maven, a Pentagon AI program that processes drone and satellite imagery to identify airstrike targets, and maintains a corporate office in Abu Dhabi.

Most of the named companies did not immediately respond to WIRED's and CNBC's requests for comment. Google, Microsoft, and JP Morgan declined to comment. Intel told CNBC: "The safety and wellbeing of our team is our number one priority. We are taking steps to safeguard and support our workers and facilities in the Middle East and are actively monitoring the situation."

What Already Happened: The AWS Strike on March 1

The April 1 threat list is not the first time Iran has acted on such warnings. On approximately March 1–2, 2026 — two to three days after the U.S.-Israel war against Iran began on February 28 — Iranian drones struck Amazon Web Services data centers in the United Arab Emirates and Bahrain.

Amazon Web Services confirmed in a statement reported by Reuters: "In the UAE, two of our facilities were directly struck, while in Bahrain, a drone strike in close proximity to one of our facilities caused physical impact to our infrastructure."

WIRED described the strike as "the first publicly confirmed attack on American-owned hyperscale cloud infrastructure." Banking sites, payment processors, and consumer services across the Gulf region crashed as redundancies designed to prevent outages were taken offline, according to WIRED. Al Jazeera noted that the attack on the UAE facilities "was the first time military action had disrupted a major U.S. tech company's data centre."

The strikes came days after the IRGC had, on March 11, threatened to attack "economic centres and banks" related to U.S. and Israeli entities in the region, according to Al Jazeera — a pattern of warning followed by action that the current April 1 list repeats.

The Prior Warning: A Published List of 29 Facilities

Between the AWS strike and the April 1 threat, Iran escalated its targeting further. Earlier in March, the IRGC-affiliated Tasnim News Agency published a list of 29 regional offices and data centers operated by major firms including Amazon, Google, IBM, Nvidia, and Palantir, accusing those firms of supporting U.S. military and intelligence activities, according to WIRED.

The April 1 Telegram post narrows and formalizes that list into 18 named companies with a specific deadline, representing a shift from general designation to an actionable strike notice.

Why These Companies Are Targeted

The IRGC's rationale centers on the role of commercial technology companies in the U.S. military's targeting and operational infrastructure. The clearest example is Palantir, whose Project Maven AI system helps the Pentagon process drone and satellite imagery for airstrike targeting, per WIRED. Boeing manufactures the B-52 bombers that the U.S. military began flying over Iranian territory for the first time, according to Foreign Policy, citing Joint Chiefs of Staff chairman Gen. Dan Caine's confirmation on March 31.

The IRGC labeled the targeted companies "legitimate targets" responsible for "providing the technology that enabled the joint US-Israeli attacks that killed Supreme Leader Ali Khamenei at the start of the war," according to WIRED.

Billions of dollars in U.S. technology infrastructure are concentrated in the Gulf. American tech companies have invested heavily in the region as a hub for AI development, drawn by cheap energy and available land, per CNBC. This concentration makes the region simultaneously economically important to those firms and physically vulnerable to Iranian drone operations.

The U.S. Military Response to Drone Threats

The U.S. military has responded to Iran's drone campaign throughout March by conducting airstrikes on IRGC drone networks, with U.S. Central Command releasing footage of strikes destroying mobile launchers, according to WIRED. The aerial campaign against Iranian drone infrastructure slowed in recent days as the U.S. temporarily paused some strikes, per WIRED.

Foreign Policy reported on March 31 that Defense Secretary Pete Hegseth warned the "next few days of the Iran war will be decisive," and that U.S. forces had bombed an ammunition depot in Esfahan using 2,000-pound bunker-buster bombs.

What This Means

The IRGC's willingness to act on prior threat lists — as demonstrated by the AWS strikes — gives the April 1 warning credibility that a purely rhetorical threat list would not have. The pattern: public warning, brief interval, physical strike.

The targeting of commercial civilian infrastructure, rather than purely military assets, raises questions under international humanitarian law. Under the laws of armed conflict, civilian objects are generally protected from attack unless they make an effective contribution to military action. The IRGC's stated basis — that tech firms provide targeting technology — is the same logic that Israel has used to justify strikes on journalists it accuses of Hezbollah links, a parallel that the Committee to Protect Journalists has called a "disturbing pattern" (in the context of journalist targeting, per BBC).

Whether April 1's stated deadline translates to executed strikes could not be confirmed at time of publication. The IRGC has previously issued threats with specific deadlines that were not always acted upon immediately. What is confirmed: the precedent of the AWS strikes on March 1 means the list of 18 companies should be treated as a credible operational warning, not purely a propaganda statement.