Iranian Cyber Groups Expand Attacks on US Companies, Infrastructure During Conflict

Thursday, March 12, 2026 at 2:37 PM

Cybersecurity experts warn that Iranian-backed hacking groups are increasingly targeting American businesses and critical infrastructure as regional conflicts escalate. The hackers recently claimed responsibility for attacking medical device company Stryker and are focusing on defense contractors, power grids, and water systems.

WASHINGTON — Cybersecurity professionals are sounding alarms as Iranian-supported hacking organizations expand their digital assault on American companies and infrastructure amid ongoing Middle Eastern conflicts.

Iranian-backed cyber groups took credit for a major digital assault on Wednesday targeting Stryker, a Michigan-based medical technology corporation. Since late February when hostilities began, these digital attackers have attempted to compromise surveillance cameras across Middle Eastern nations to enhance Iran’s missile guidance systems. Their targets have included regional data facilities, Israeli industrial sites, a Saudi Arabian educational institution, and a Kuwaiti airport.

Tehran has made substantial investments in developing offensive digital warfare capabilities while building relationships with various hacking organizations. Over recent years, Iranian-aligned groups have breached former President Donald Trump’s campaign email servers, attempted to compromise American water treatment facilities, and sought to infiltrate military and defense contractor networks.

Their strategy focuses on weakening American military operations, increasing energy costs, overwhelming cybersecurity resources, and inflicting maximum damage on companies supporting the defense sector.

“Something is going to happen because the gloves are off,” stated Kevin Mandia, who founded cybersecurity firms Mandiant and Armadin.

A collective calling itself Handala, which supports Iranian and Palestinian causes, claimed responsibility for disrupting Stryker’s operations. The group justified its attack as revenge for alleged American strikes that reportedly killed Iranian students.

Unlike financially motivated cybercriminals, Handala operates from ideological convictions, explained Ismael Valenzuela, who serves as vice president of threat intelligence at Arctic Wolf cybersecurity company.

“What distinguishes this group is its clear focus on data destruction rather than financial extortion,” Valenzuela noted in written comments.

Polish investigators are examining a recent cyber incident targeting a nuclear research center that may be connected to Iran, though officials acknowledge other groups might be responsible and using current conflicts to hide their true identity.

Moving forward, American defense contractors, government suppliers, and Israeli business partners face heightened risk, along with essential infrastructure including medical centers, shipping ports, water treatment plants, electrical grids, and transportation systems.

Iranian-affiliated hackers openly share their strategies through Telegram and similar online platforms.

“The datacenters need to be taken out,” one user posted, according to research from the SITE Intelligence Group. “They host the brains of USA’s military communication and targeting systems.”

These digital operations also serve intelligence gathering purposes — such as Iran’s attempts to access neighboring countries’ camera systems to improve missile accuracy. Breaking into American networks would provide insight into military strategies and supply chain operations.

Recent military strikes against Iran and internet disruptions may have temporarily reduced Tehran’s cyber capabilities. However, security experts predict Iranian hackers and their supporters will pursue quick wins by exploiting America’s most vulnerable cybersecurity weaknesses.

Frequently, municipal water systems and healthcare organizations lack sufficient funding and expertise to implement current software updates or other protective measures. This makes them attractive targets due to both their accessibility and the public alarm such disruptions create.

Attack methods may include denial-of-service campaigns that overwhelm networks to block legitimate users, website alterations that prevent customer communication, and hack-and-leak schemes threatening to publish stolen confidential information.

The techniques aren’t particularly advanced, according to Shaun Williams, a former FBI and CIA operative now serving as senior director at SentinelOne cybersecurity firm. However, organizations that have neglected their digital security could face severe consequences, he warned.

“Patch your systems. Ensure your firewalls and security solutions are up to date,” Williams advised. “Remove your stale accounts. All the cyber hygiene that you should be doing, it’s more critical now than ever. Prepare for disruption.”

While Russia and China pose the most significant cyber risks to America, with North Korea emerging as an increasing threat, Iran compensates for limited resources through creative approaches, specialists note.

Recently, Tehran’s digital operatives have masqueraded as American activists online to secretly promote anti-Israel demonstrations on university campuses. They’ve established fraudulent news sites and social media profiles designed to spread misleading information before major elections.

During 2024, Iranian hackers penetrated Trump’s campaign email system and subsequently attempted to distribute files they claimed to have stolen. Iran-connected hackers also tried accessing WhatsApp accounts belonging to both Trump and his Democratic rival, President Joe Biden.

This activity led the Department of Homeland Security to release a public alert about Iranian cyber dangers.

“Iran and especially the proxies don’t care how big or smart you are. This is about making an impact, about creating chaos,” said James Turgal, a cybersecurity specialist with 22 years of FBI experience who now works as vice president at Denver-based Optiv security firm.

Analysts are monitoring whether Russia, China, or their allied hacking groups will assist Iran with digital attacks designed to undermine American operations and complicate sustained military engagement.

Although China has maintained a cautious stance, evidence suggests pro-Iranian hackers in Russia are already active. CrowdStrike cybersecurity researchers identified increased activity from Russian hackers supporting Tehran since conflicts began.

A group called Z-Pentest claimed responsibility for disrupting multiple American networks, including closed-circuit camera systems.

The attack timing indicates hackers were targeting American interests due to Iranian conflicts, according to Adam Meyers, who leads counter adversary operations at CrowdStrike.

“Western organizations should continue to remain on high alert,” Meyers stated.
