Cyberattacks have emerged as a central front in the escalating confrontation between Iran, the United States, and Israel, with state-linked hacker groups intensifying operations against critical infrastructure, corporations, and government networks.
A recent high-profile breach involved Stryker, which confirmed on March 11 that a cyberattack disrupted its global network. According to The Wall Street Journal, employees discovered the logo of Handala displayed on login pages, signaling responsibility for the attack.
The breach targeted the company’s Microsoft cloud environment, specifically its Intune management platform. Handala claimed it remotely wiped more than 200,000 devices across 79 countries — a scale that, if verified, would represent one of the most disruptive cyber operations in recent years.
The group framed the attack as retaliation for a reported missile strike on a girls’ school in Minab, Iran, which allegedly killed over 160 people. While such claims remain difficult to independently verify, they underscore how cyber operations are increasingly tied to narratives of revenge and psychological warfare.
Security analysts point to a broader campaign involving multiple Iran-linked groups. A report by CloudSEK identified actors associated with the Islamic Revolutionary Guard Corps, including CyberAv3ngers, APT33, and APT55, as key players targeting U.S. infrastructure.
These groups have reportedly focused on industrial control systems — the backbone of physical infrastructure such as water treatment facilities, power grids, and manufacturing lines. Techniques include exploiting weak or default passwords, deploying malware, and attempting to disable security systems, raising concerns about potential real-world disruption beyond the digital sphere.
Meanwhile, Iran’s Ministry of Intelligence and Security is said to be coordinating with groups such as MuddyWater, APT34, and Handala to conduct espionage and disruptive operations against both U.S. and Israeli targets. These efforts include infiltrating telecommunications, oil and gas sectors, and government institutions to gather intelligence and enable follow-on attacks.
Handala has also claimed responsibility for deleting over 40 terabytes of data from servers at the Hebrew University of Jerusalem and breaching Verifone systems in Israel — although the latter denied any compromise, highlighting the murky and contested nature of cyber conflict claims.
The cyber battlefield is not one-sided. The U.S. Cyber Command has played a leading role in what officials describe as “Operation Epic Fury,” disrupting Iranian communication and sensor networks. According to senior U.S. military figures, these actions temporarily degraded Iran’s ability to coordinate and respond effectively.
U.S. Defense Secretary Pete Hegseth has also confirmed the use of artificial intelligence and advanced cyber tools as part of Washington’s broader military strategy. Reports from the Financial Times suggest Israeli intelligence agencies have leveraged hacked traffic camera systems in Tehran to support high-level targeting operations, including efforts aimed at figures such as Ali Khamenei.
This expanding cyber conflict illustrates a profound shift in modern warfare, where digital attacks complement conventional military operations. The lack of clear rules, attribution challenges, and the potential for civilian infrastructure disruption make cyber warfare one of the most unpredictable and dangerous dimensions of the current Iran-linked conflict.
