Shaky Ceasefire Unlikely to Stop Cyberattacks From Iran-Linked Hackers for Long

Hackers backing Tehran say an uncertain ceasefire between Iran and the United States and Israel won’t end their retaliatory cyberattacks, a warning that American cybersecurity experts say potential targets in the U.S. and Israel should take seriously. One leading hacking group known as Handala said after the ceasefire announcement that it was temporarily postponing attacks on the U.S. but would continue to target Israel. It vowed to revive its efforts against America when the time was right — demonstrating again how digital warfare has become ingrained in military conflict. Already, the two-week ceasefire appears at risk of fraying over significant disagreements between the parties, which each are claiming victory in the war. A pro-Palestinian, pro-Iranian network that operates independently of Tehran, Handala has claimed credit for disrupting the operations of the U.S. medical manufacturer Stryker and hacking into FBI Director Kash Patel’s personal email account, among other cyberattacks. The group is just one of several proxy hacking networks allied with Iran. “We did not begin this war, but we will be the ones to finish it,” Handala wrote on its X account. “And let it be clear: The cyber war did not begin with the military conflict, and it will not end with any military ceasefire.” U.S. authorities warned on Tuesday that hackers supporting Iran had burrowed into internet-connected computers used to automate and control technology in a variety of important industrial sectors. The computers, known as programmable logic controllers, are used in ports, power plants and water plants — key targets for foreign hackers looking to disrupt everyday life in the U.S. In a joint advisory from the FBI, National Security Agency and Cybersecurity and Infrastructure Security Agency, officials urged organizations that use the technology to ensure their security precautions were up-to-date. CISA did not immediately respond to questions Wednesday about the impact that the ceasefire would have on cybersecurity. Cybersecurity experts say the warning should be taken seriously by potential targets regardless of the sides announcing a temporary truce. Markus Mueller, a cybersecurity executive at Nozomi Networks, said he anticipates an increase in cyberattacks on American organizations following the ceasefire, not a decrease. That’s because any lull in hostilities would allow hackers to shift from regional targets directly involved in the conflict to efforts to infiltrate U.S. organizations that participated in the war effort in some way, a list that includes data centers, tech companies and defense contractors. He also predicted that some groups based in Iran or Russia may seek to circumvent the truce by launching a significant cyberattack on a U.S. target that is designed to attract the attention of the American public. “With a ceasefire, we will likely see an expansion of cyber activity both in scale and scope,” Mueller said. “These groups will likely try to execute a high-profile attack such as what we saw with Stryker.” So far, the attacks attributed to pro-Iranian hackers have been high in volume but low in impact, designed to boost morale among Iran’s supporters while reminding its opponents of continued vulnerabilities despite their military advantages. Handala claimed responsibility last month for hacking Stryker, a major medical equipment supply company based in Michigan. Handala claimed the hack was in retaliation for strikes that killed Iranian schoolchildren. The FBI responded by seizing four internet web addresses used by the group to spread its message. Handala then leaked several old photos of Patel after saying it had hacked into the FBI director’s personal email account. Other pro-Iranian hackers have been linked to efforts to install malware on the phones of Israelis, penetrate cameras in Middle Eastern countries to improve Iran’s missile targeting, and target data centers and industrial facilities in Israel, Saudi Arabia and Kuwait. Related: Iran-Linked Hackers Disrupt US Critical Infrastructure via PLC Attacks Related: Iran Readied Cyberattack Capabilities for Response Prior to Epic Fury Related: Hacked Hospitals, Hidden Spyware: Iran Conflict Shows How Digital Fight Is Ingrained in Warfare Related: Iran Built a Vast Camera Network to Control Dissent. Israel Turned It Into a Targeting Tool WRITTEN BY Associated Press More from Associated Press Hacked Hospitals, Hidden Spyware: Iran Conflict Shows How Digital Fight Is Ingrained in Warfare Pro-Iranian Hacking Group Claims Credit for Hack of FBI Director Kash Patel’s Personal Account Poland Faced a Surge in Cyberattacks in 2025, Including a Major Assault on the Energy Sector Iran Built a Vast Camera Network to Control Dissent. Israel Turned It Into a Targeting Tool 3 Men Charged With Conspiring to Smuggle US Artificial Intelligence to China Iran-Linked Hackers Take Aim at US and Other Targets, Raising Risk of Cyberattacks During War Pentagon’s Chief Tech Officer Says He Clashed With AI Company Anthropic Over Autonomous Warfare FBI Investigating ‘Suspicious’ Cyber Activity on System Holding Sensitive Surveillance Information Latest News Data Leakage Vulnerability Patched in OpenSSL RCE Bug Lurked in Apache ActiveMQ Classic for 13 Years FBI: Cybercrime Losses Neared $21 Billion in 2025 Massachusetts Hospital Diverts Ambulances as Cyberattack Causes Disruption  Evasive Masjesu DDoS Botnet Targets IoT Devices Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover US Disrupts Russian Espionage Operation Involving Hacked Routers and DNS Hijacking Iran-Linked Hackers Disrupt US Critical Infrastructure via PLC Attacks Trending Webinar: Securing Fragile OT In An Exposed World March 10, 2026 Get a candid look at the current OT threat landscape as we move past "doom and gloom" to discuss the mechanics of modern OT exposure. Register Webinar: Why Automated Pentesting Alone Is Not Enough April 7, 2026 Join our live diagnostic session to expose hidden coverage gaps and shift from flawed tool-level evaluations to a comprehensive, program-level validation discipline. Register People on the Move Pamela McLeod has been named as CISO of the state of New Hampshire. Aspen Digital has named Matt Altomare as its new Senior Director for Cybersecurity Programs. Scott Goree has been appointed Senior Vice President of Channel and Alliances at Delinea. More People On The Move Expert Insights The New Rules Of Engagement: Matching Agentic Attack Speed The cybersecurity response to AI-enabled nation-state threats cannot be incremental. It must be architectural. (Nadir Izrael) The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust Data integrity shouldn’t be seen only through the prism of a technical concern but also as a leadership issue. (Steve Durbin) Why Agentic AI Systems Need Better Governance – Lessons From OpenClaw Agentic AI platforms are shifting from passive recommendation tools to autonomous action-takers with real system access, (Etay Maor) The Human IOC: Why Security Professionals Struggle With Social Vetting Applying SOC-level rigor to the rumors, politics, and 'human intel' can make or break a security team. (Joshua Goldfarb) How To 10x Your Vulnerability Management Program In The Agentic Era The evolution of vulnerability management in the agentic era is characterized by continuous telemetry, contextual prioritization and the ultimate goal of agentic remediation. (Nadir Izrael) Flipboard Reddit Whatsapp Email