Pro-Iranian hacking groups have launched a wave of cyberattacks across the Middle East and are increasingly targeting networks in the United States as the war involving Iran intensifies, raising concerns about potential disruption to critical infrastructure and defense-related industries.
Hackers aligned with Tehran claimed responsibility for a major cyberattack on Stryker, a Michigan-based medical technology company, on Wednesday. The attack is part of a broader campaign that has targeted data centers, industrial facilities in Israel, a school in Saudi Arabia, and an airport in Kuwait.
Security analysts say the cyber operations are designed to disrupt Western infrastructure, raise the costs of the war effort, and create economic and technological pressure on companies tied to defense industries.
The pro-Iranian hacking group Handala claimed responsibility for disrupting Stryker’s systems, saying the attack was retaliation for alleged U.S. strikes that killed Iranian schoolchildren. Experts say the group’s primary aim is not financial gain but data destruction and disruption.
“What distinguishes this group is its clear focus on data destruction rather than financial extortion,” said Ismael Valenzuela, vice president of threat intelligence at the cybersecurity company Arctic Wolf.
According to cybersecurity researchers, pro-Iranian hackers have also attempted to infiltrate surveillance cameras in Middle Eastern countries to improve missile targeting capabilities, highlighting the role cyber operations now play alongside conventional military strategies.
Iran has significantly expanded its cyber warfare capabilities in recent years, building relationships with multiple hacking collectives and investing in offensive digital operations. Groups linked to Tehran have previously targeted U.S. water plants, defense contractors and political campaigns.
In 2024, hackers connected to Iran infiltrated the email systems of the presidential campaign of Donald Trump and attempted to access messaging accounts belonging to both Trump and Joe Biden, according to cybersecurity officials.
Authorities in Poland are also investigating a cyberattack on a nuclear research facility that may have links to Iranian-aligned hackers, although investigators have not ruled out the possibility that another group carried out the attack while posing as Iranian actors.
Experts warn that future cyberattacks may increasingly target “soft” infrastructure such as hospitals, water plants, rail systems and local government networks, which often lack strong cybersecurity defenses.
Former intelligence officer Shaun Williams, now with the cybersecurity firm SentinelOne, said organizations must urgently strengthen their digital defenses. “Patch your systems. Ensure your firewalls and security solutions are up to date. Remove stale accounts. Cyber hygiene is more critical now than ever,” he warned.
While Russia and China remain the largest cyber threats to the United States, analysts say Iran has built a reputation as a disruptive “chaos agent” in cyberspace, capable of causing widespread disruption even with fewer resources.
Researchers from the cybersecurity firm CrowdStrike have already detected increased activity by Russian-linked hackers working in support of Tehran since the conflict began. One group, Z-Pentest, claimed responsibility for breaching several U.S. networks, including those linked to closed-circuit camera systems.
Security officials say the situation remains fluid, warning that further cyberattacks could target Western infrastructure if the conflict escalates or if additional state-aligned hacking groups join the campaign.