WASHINGTON (TNND) — As tensions rise overseas, some U.S. officials are warning about the potential for so-called “sleeper cell” attacks inside the United States. The term often appears in discussions about terrorism and foreign intelligence operations, but experts say it’s important to understand what it actually means—and what evidence exists that they may be operating in the U.S.
A sleeper cell is a covert group of operatives — often spies or terrorists — who infiltrate a target country and remain inactive for a long period of time.
According to intelligence experts, the goal is to blend in completely. Operatives may hold regular jobs, build families, and live quietly in their communities so they don’t attract attention.
AT SEA, UNSPECIFIED – MARCH 1: (EDITOR’S NOTE: This Handout image was provided by a third-party organization and may not adhere to Getty Images’ editorial policy.) In this U.S. Navy released handout, Arleigh Burke-class guided-missile destroyer USS Thomas Hudner (DDG 116) fires a Tomahawk land attack missile in support of Operation Epic Fury, on March 1, 2026 at Sea. Iran’s Supreme Leader, Ayatollah Ali Khamenei, was confirmed killed after the United States and Israel launched a joint attack on Iran on February 28. Iran retaliated by firing waves of missiles and drones at Israel, and targeting U.S. allies in the region. (Photo by U.S. Navy via Getty Images)
They remain dormant until they receive instructions from a handler. That signal could come through direct communication or coded messaging.
Once activated, the mission could range from gathering intelligence to sabotage or even carrying out a terror attack.
Right now, officials say there is no confirmed active Iranian sleeper cell network operating in the United States. However, lawmakers and security experts say it is still a possibility they monitor closely.
Research from the North American and Arctic Defense and Security Network notes that countries unable to win a direct military conflict against the U.S. may rely on asymmetric warfare—strategies designed to weaken an opponent without a conventional battlefield confrontation.
That can include proxy conflicts, cyberattacks, or covert operatives embedded inside another country.
Texas Governor Greg Abbott recently warned that Iranian sleeper cells could be a potential threat following a shooting in Austin where the suspect was reportedly wearing a shirt reading “Property of Allah.” Authorities have been investigating whether the incident had any extremist motivation. Meanwhile, officials intercepted an encrypted message that triggered sleeper activity this week.
Experts say if sleeper cell attacks do occur, they are designed to be difficult to trace and may resemble other forms of violence, such as targeted shootings, bombings, or cyberattacks.
Potential sleeper operatives may remain inactive for years—sometimes decades. Former intelligence officials say patience is the defining feature of sleeper operations. The individuals are trained to stay under the radar until they receive a signal to activate.
In a hypothetical scenario, an operative might spend years studying American culture—watching U.S. television, listening to American music, and learning social norms. When old enough, that person could enter the United States legally, obtain a job, and build a life that appears completely ordinary. They may live that way for years before receiving instructions to carry out a mission.
Traditionally, the term sleeper cell referred to foreign agents sent into a country by a government to live quietly until activation.
But experts say today’s security landscape has evolved. In addition to foreign operatives, threats can also include homegrown or radicalized residents who have been recruited or influenced online by extremist organizations or foreign actors.
These individuals may be citizens or long-term residents who become radicalized through digital propaganda, encrypted messaging, or online communities.
Security analysts say the combination of traditional sleeper agents and locally radicalized individuals can make threats harder to detect because there is no single profile investigators can rely on.
National Headline
