Iran-linked Hackers Target U.S. and Allies Amid War

Cyberattacks raise risk of disruption to critical infrastructure and defense contractors

Mar. 12, 2026 at 9:20pm

Got story updates? Submit your updates here. ›

Pro-Iranian hackers have claimed responsibility for a series of cyberattacks targeting U.S. and Middle Eastern organizations, including a significant attack on medical device company Stryker. The hackers, known as Handala, say the attacks are in retaliation for suspected U.S. strikes that killed Iranian schoolchildren. Experts warn that the risk of disruptive cyberattacks is rising as the war continues, with defense contractors, government vendors, and critical infrastructure like hospitals, power plants, and water facilities potentially in the crosshairs.

Why it matters

The escalating cyber campaign by Iran-linked hackers poses a growing threat to U.S. national security and economic interests. The attacks aim to undermine the American war effort, drive up energy costs, and sow chaos through disruptions to key industries and infrastructure. As the conflict continues, the risk of more widespread and damaging cyberattacks is increasing, potentially drawing in other state-backed hacking groups allied with Iran.

The details

The hackers supporting Iran have targeted a range of organizations, including infiltrating cameras in the Middle East to aid Iran's missile targeting, disrupting data centers, and attacking industrial facilities in Israel, a school in Saudi Arabia, and an airport in Kuwait. In the latest high-profile incident, the group Handala claimed responsibility for a cyberattack on U.S. medical device maker Stryker, saying it was in retaliation for suspected U.S. strikes that killed Iranian schoolchildren. Experts warn that pro-Iranian hackers are likely to continue targeting U.S. defense contractors, government vendors, and critical infrastructure like hospitals, power plants, and water facilities, taking advantage of weaker cybersecurity at these organizations.

  • On March 9, 2026, pro-Iranian hackers claimed responsibility for a cyberattack on U.S. medical device company Stryker.
  • Since the start of the war on February 28, 2026, the hackers have also tried to infiltrate cameras in the Middle East to aid Iran's missile targeting and have targeted data centers, industrial facilities in Israel, a school in Saudi Arabia, and an airport in Kuwait.

The players

Handala

A pro-Iranian, pro-Palestinian hacking group that claimed responsibility for the cyberattack on Stryker, saying it was in retaliation for suspected U.S. strikes that killed Iranian schoolchildren.

Stryker

A U.S. medical device company that was the target of a significant cyberattack claimed by the pro-Iranian hacking group Handala.

Got photos? Submit your photos here. ›

What’s next

Experts warn that the risk of more widespread and damaging cyberattacks is increasing as the conflict continues, potentially drawing in other state-backed hacking groups allied with Iran. Organizations should take steps to strengthen their cybersecurity, including patching systems, updating firewalls and security solutions, and removing stale accounts.

The takeaway

The escalating cyber campaign by Iran-linked hackers poses a growing threat to U.S. national security and economic interests, with the potential to undermine the American war effort, drive up energy costs, and cause widespread disruption to critical infrastructure and key industries. As the conflict continues, organizations must remain vigilant and take proactive measures to bolster their cybersecurity defenses.