Hackers Vow to Continue Cyberattacks Despite Iran-US Ceasefire

Iran-linked hacking group Handala says it will temporarily pause attacks on US but continue targeting Israel

Apr. 8, 2026 at 9:05pm

Got story updates? Submit your updates here. ›

A highly detailed, glowing 3D macro illustration of a programmable logic controller device used in industrial control systems, surrounded by a complex web of digital infrastructure, representing the interconnected nature of critical systems targeted by Iran-linked hackers.Hackers allied with Iran continue to target industrial control systems, even as a fragile ceasefire takes hold between Tehran and its adversaries.Washington Today

An uncertain ceasefire between Iran and the US and Israel is unlikely to stop cyberattacks from hackers allied with Tehran, according to cybersecurity experts. The pro-Iranian hacking group Handala said it would temporarily postpone attacks on the US but continue targeting Israel, vowing to revive efforts against America when the time is right. US authorities have warned that Iranian-backed hackers have infiltrated industrial control systems used in key infrastructure like ports, power plants, and water facilities, urging organizations to bolster their security.

Why it matters

The continued threat of Iranian-linked cyberattacks despite a military ceasefire highlights how digital warfare has become ingrained in modern conflicts. Even temporary truces may do little to stop retaliatory hacking campaigns, which can disrupt critical infrastructure and public services in the US and its allies.

The details

Handala, a pro-Palestinian, pro-Iranian hacking group, has claimed responsibility for disrupting the operations of US medical manufacturer Stryker and hacking into FBI Director Kash Patel's personal email account. The group vowed to continue targeting Israel, saying 'the cyber war did not begin with the military conflict, and it will not end with any military ceasefire.' US authorities have warned that Iranian-backed hackers have infiltrated industrial control systems used in key infrastructure like ports, power plants, and water facilities, urging organizations to bolster their security.

  • The ceasefire between Iran, the US, and Israel was announced recently.
  • Handala said it would temporarily pause attacks on the US but continue targeting Israel.

The players

Handala

A pro-Palestinian, pro-Iranian hacking group that operates independently of Tehran and has claimed credit for various cyberattacks, including disrupting the operations of US medical manufacturer Stryker and hacking into FBI Director Kash Patel's personal email account.

Kash Patel

The current FBI Director.

US Authorities

Warned that Iranian-backed hackers have infiltrated industrial control systems used in key infrastructure like ports, power plants, and water facilities.

Got photos? Submit your photos here. ›

What they’re saying

“We did not begin this war, but we will be the ones to finish it. And let it be clear: The cyber war did not begin with the military conflict, and it will not end with any military ceasefire.”

— Handala, Hacking Group

“With a ceasefire, we will likely see an expansion of cyber activity both in scale and scope. These groups will likely try to execute a high-profile attack such as what we saw with Stryker.”

— Markus Mueller, Cybersecurity Executive, Nozomi Networks

What’s next

US authorities and cybersecurity experts warn that potential targets in the US and Israel should remain vigilant and continue to bolster their security measures, as the ceasefire may do little to stop retaliatory cyberattacks from Iran-linked hackers.

The takeaway

The continued threat of Iranian-linked cyberattacks despite a military ceasefire underscores how digital warfare has become an integral part of modern conflicts. Even temporary truces may do little to stop retaliatory hacking campaigns, which can disrupt critical infrastructure and public services in the US and its allies.