
WASHINGTON (AP) — Pro-Iranian hackers are increasingly targeting sites in the Middle East and beginning to extend their reach into the United States as the conflict escalates. This raises concerns that American defense contractors, power plants, and water facilities may become victims of widespread digital disruption, especially if Tehran’s allies get involved.
On Wednesday, hackers aligned with Iran claimed responsibility for a major cyber assault on Stryker, a U.S. medical device manufacturer. Since the onset of the conflict on February 28, they have attempted to infiltrate cameras in Middle Eastern nations to enhance Iran’s missile operations. Their attacks have hit data centers in the region, industrial sites in Israel, a school in Saudi Arabia, and an airport in Kuwait.
Iran has heavily invested in its cyber warfare capabilities and built relationships with various hacking groups. In recent years, those supporting Tehran have breached the email systems of President Donald Trump’s campaign, targeted American water facilities, and attempted to compromise military and defense networks.
Their objective is to erode American military efforts, escalate energy costs, strain cyber resources, and inflict maximum disruption on U.S. businesses reliant on the defense sector.
“Something is going to happen because the gloves are off,” noted Kevin Mandia, founder of the cybersecurity firms Mandiant and Armadin.
Targeted Victims
Pro-Iranian, pro-Palestinian hackers have claimed responsibility for compromising systems at Stryker, with a group called Handala stating that the attack was a response to U.S. strikes that reportedly killed Iranian children.
Unlike financially motivated hackers, Handala’s focus is on data destruction, as explained by Ismael Valenzuela, vice president of threat intelligence at Arctic Wolf.
Recent investigative efforts by Polish authorities into a cyberattack on a nuclear research facility may indicate Iranian involvement, though they caution that other groups could also be operating under the guise of this conflict.
Going forward, U.S. defense contractors, governmental vendors, and businesses collaborating with Israel are at heightened risk, alongside critical infrastructure such as hospitals, ports, and energy facilities.
Pro-Iranian hackers are known to openly communicate their strategies on platforms like Telegram and other online forums.
“The data centers need to be taken out,” one user remarked, highlighting targets essential to U.S. military communication and targeting systems, as discovered by researchers from the SITE Intelligence Group.
Cyber operations also serve intelligence-gathering purposes; for instance, Iran’s attempts to access cameras in neighboring nations assist in missile targeting. Infiltrating U.S. networks could provide insights into military strategies and supply chains.
Attacking Vulnerable Targets
Strikes on Iran’s military and internet outages may have temporarily hindered their cyber operations, but experts believe Iranian hackers will seek quick wins by targeting the most vulnerable points in U.S. cybersecurity.
Local water facilities and healthcare institutions often lack the resources and expertise to apply modern software updates or implement necessary security measures. That makes them attractive targets, both because they are easy to penetrate and because disrupting them can cause public panic.
Possible attack methods include denial-of-service attacks, designed to flood networks so that legitimate users cannot gain access, and website defacements that obstruct communication with customers. Hack-and-leak operations, involving threats to publish sensitive stolen information, are also a risk.
While the sophistication of such attacks may be low, former FBI and CIA official turned cybersecurity expert Shaun Williams warns that organizations neglecting their cybersecurity could face significant consequences.
“Regularly update your systems and ensure firewalls and security solutions are current. Remove outdated accounts. All aspects of cybersecurity hygiene are more crucial now than ever. Be ready for disruptions,” Williams emphasized.
Iran as a Chaos Agent in Cyber Operations
While Russia and China are viewed as the primary cybersecurity threats to the U.S., and North Korea is of increasing concern, experts argue that Iran compensates for its lower resources with creative tactics.
In recent years, Iranian cyber operatives have impersonated American activists online to secretly incite protests against Israel at universities. They have also created fake news websites and social media accounts designed to disseminate misleading information ahead of significant U.S. elections.
In 2024, Iranian hackers accessed Trump’s campaign email system and attempted to leak files they claimed to have stolen. Hackers aligned with Iran also sought to penetrate the WhatsApp accounts of Trump and then-Democratic contender Joe Biden.
This spurred a public warning from the Department of Homeland Security last year about potential Iranian cyber threats.
“Iran, particularly through its proxies, is undeterred by the size or intelligence of its targets. It’s about creating impact and chaos,” remarked James Turgal, a cybersecurity specialist and former FBI agent now working with Optiv, a security firm based in Denver.
Monitoring Future Moves by Russia and China
Experts are vigilantly observing whether Russia, China, or hacking groups linked to either nation offer cyber support to Iran, aiming to disrupt American operations in Iran and complicate U.S. military efforts.
While China has thus far maintained a cautious stance, there are indications that pro-Iranian hackers in Russia are stepping up their activities. CrowdStrike researchers have reported a rise in Russian hacking efforts favoring Tehran since the conflict’s escalation.
A specific group, Z-Pentest, has claimed responsibility for yesterday’s disruptions across several U.S. networks, including some related to closed-circuit television systems.
With evidence suggesting a direct relationship between the attack and U.S. interests amid the Iranian conflict, Adam Meyers, head of counter adversary operations at CrowdStrike, cautioned, “Westerns should remain on high alert.”



