The first missile strikes hadn’t even cooled before Iranian-linked hackers were moving. When the U.S. and Israel launched military operations against Iran on February 28, 2026, Tehran’s cyber forces answered not with silence but with a systematic campaign against American infrastructure, one that has since moved well beyond reconnaissance into confirmed, disruptive attacks on United States soil.
The most striking blow came on March 11, when the Handala group — widely assessed as a front for an IRGC-sponsored threat actor — hit Michigan-based medical technology giant Stryker, wiping nearly 80,000 Windows devices, stealing 50 terabytes of data, and causing severe disruptions that materially impacted the company’s first-quarter earnings. Emergency responders across Maryland lost access to the electrocardiogram transmission system used to relay patient data to hospitals. The FBI later seized two domains that Handala used to leak the stolen data. It was, analysts noted, only the beginning.
Click here to read more: Iran’s Digital War Machine Targeting U.S. Infrastructure