Iran-Backed Hackers Vow to Continue Cyberattacks Despite Ceasefire

Cybersecurity experts warn that a temporary truce between Iran, the U.S., and Israel is unlikely to stop retaliatory digital strikes.

Apr. 9, 2026 at 1:18am

Got story updates? Submit your updates here. ›

A highly detailed, glowing 3D macro illustration of a complex network of interconnected servers, cables, and cybersecurity infrastructure in shades of neon cyan, magenta, and electric blue, conveying the high-stakes digital conflict between Iran-backed hackers and their targets.As a fragile ceasefire takes hold, the threat of escalating cyberattacks from Iran-linked hackers looms over critical infrastructure in the U.S. and Israel.Washington Today

Hackers aligned with Iran have vowed to continue their cyberattacks against the U.S. and Israel, even as a fragile ceasefire has been announced between the warring parties. Cybersecurity experts say the lull in hostilities could allow these hacking groups to shift their focus and launch more high-profile attacks on American organizations that participated in the conflict in some way, such as data centers, tech companies, and defense contractors.

Why it matters

The escalating cyber warfare between Iran and its adversaries has become a central front in the broader regional conflict, with hackers launching disruptive attacks on critical infrastructure and government agencies. Despite the ceasefire announcement, the hackers' defiant stance suggests the digital battles are likely to persist, posing an ongoing threat to potential targets in the U.S. and Israel.

The details

One prominent hacking group known as Handala said it would temporarily pause attacks on the U.S. but continue targeting Israel, vowing to revive its efforts against America when the time is right. Handala has previously claimed credit for disrupting the operations of the U.S. medical manufacturer Stryker and hacking into FBI Director Kash Patel's personal email account. U.S. authorities have also warned that Iranian-backed hackers have infiltrated internet-connected industrial control systems used in key sectors like ports, power plants, and water facilities.

  • On Tuesday, U.S. authorities issued a joint advisory warning about the threat of Iranian-backed hackers targeting industrial control systems.
  • Last month, Handala claimed responsibility for hacking Stryker, a major medical equipment company, in retaliation for strikes that killed Iranian schoolchildren.

The players

Handala

A pro-Palestinian, pro-Iranian hacking group that operates independently of Tehran and has claimed credit for various cyberattacks against U.S. and Israeli targets.

Kash Patel

The current Director of the FBI, whose personal email account was allegedly hacked by Handala.

Nozomi Networks

A cybersecurity firm whose executive, Markus Mueller, predicts an increase in cyberattacks on American organizations following the ceasefire announcement.

Got photos? Submit your photos here. ›

What they’re saying

“We did not begin this war, but we will be the ones to finish it. And let it be clear: The cyber war did not begin with the military conflict, and it will not end with any military ceasefire.”

— Handala

“With a ceasefire, we will likely see an expansion of cyber activity both in scale and scope. These groups will likely try to execute a high-profile attack such as what we saw with Stryker.”

— Markus Mueller, Cybersecurity Executive

What’s next

U.S. and Israeli cybersecurity authorities are expected to remain on high alert for potential retaliatory cyberattacks from Iran-linked hackers, even as the military ceasefire is in place.

The takeaway

The escalating cyber warfare between Iran and its adversaries has become a central front in the broader regional conflict, with hackers launching disruptive attacks on critical infrastructure and government agencies. Despite the ceasefire announcement, the hackers' defiant stance suggests the digital battles are likely to persist, posing an ongoing threat to potential targets in the U.S. and Israel.