Iran-Backed Hackers Vow to Ramp Up Cyberattacks Despite Ceasefire

Cybersecurity experts warn of expanded hacking efforts targeting U.S. organizations after temporary truce between Iran, U.S. and Israel.

Apr. 8, 2026 at 7:56pm

Got story updates? Submit your updates here. ›

A highly detailed, glowing 3D macro illustration of a programmable logic controller device used in industrial control systems, surrounded by a complex web of luminous, interconnected cybernetic hardware elements, conceptually representing the vulnerabilities targeted by Iran-linked hackers.Glowing cybernetic infrastructure highlights the persistent threat of Iranian-backed hackers targeting critical systems, even as military conflict appears to be on pause.Washington Today

Hackers allied with Iran say a shaky ceasefire between the country and the U.S. and Israel won't stop their retaliatory cyberattacks, with one group vowing to revive efforts against America when the time is right. U.S. authorities have warned that Iranian-backed hackers have infiltrated industrial control systems used in critical infrastructure like ports, power plants, and water facilities, posing a serious threat even as the military conflict appears to be on pause.

Why it matters

The warning highlights how digital warfare has become deeply ingrained in modern military conflicts, with hackers able to continue targeting adversaries even when traditional fighting has temporarily halted. Cybersecurity experts say the ceasefire may actually embolden Iran-linked groups to expand the scale and scope of their attacks, potentially leading to high-profile incidents designed to grab public attention.

The details

The pro-Palestinian, pro-Iranian hacking group Handala has claimed responsibility for disrupting the operations of U.S. medical manufacturer Stryker and hacking into FBI Director Kash Patel's personal email account, among other cyberattacks. Handala vowed to temporarily postpone attacks on the U.S. but continue targeting Israel, warning that it would revive efforts against America when the time was right.

  • The ceasefire between Iran, the U.S. and Israel was announced in early April 2026.
  • Handala said it was temporarily postponing attacks on the U.S. but would continue targeting Israel after the ceasefire announcement.

The players

Handala

A pro-Palestinian, pro-Iranian hacking group that operates independently of Tehran and has claimed credit for disrupting the operations of U.S. companies and hacking government officials.

Kash Patel

The current FBI Director, whose personal email account was allegedly hacked by the Handala group.

Stryker

A major U.S. medical equipment supply company that was targeted in a cyberattack claimed by the Handala group.

Got photos? Submit your photos here. ›

What they’re saying

“We did not begin this war, but we will be the ones to finish it. And let it be clear: The cyber war did not begin with the military conflict, and it will not end with any military ceasefire.”

— Handala, Hacking group

“With a ceasefire, we will likely see an expansion of cyber activity both in scale and scope. These groups will likely try to execute a high-profile attack such as what we saw with Stryker.”

— Markus Mueller, Cybersecurity executive at Nozomi Networks

What’s next

U.S. authorities have urged organizations that use industrial control systems to ensure their security precautions are up-to-date in light of the threat from Iranian-backed hackers, even as the military conflict appears to be on pause.

The takeaway

The warning from cybersecurity experts highlights how digital warfare has become deeply ingrained in modern military conflicts, with hackers able to continue targeting adversaries even when traditional fighting has temporarily halted. The ceasefire may actually embolden Iran-linked groups to expand the scale and scope of their cyberattacks, potentially leading to high-profile incidents designed to grab public attention.