Iran-Linked Hackers Vow to Continue Cyberattacks Despite Ceasefire

Cybersecurity experts warn of potential escalation in attacks on U.S. organizations following temporary truce

Apr. 9, 2026 at 2:13pm

Got story updates? Submit your updates here. ›

A highly detailed, glowing 3D illustration of a programmable logic controller (PLC) device used in industrial control systems, illuminated by neon cyan and magenta lights. The PLC is the central visual focus, surrounded by a dark, moody background that suggests the hidden cyber threats targeting critical infrastructure.Glowing industrial control systems targeted by Iran-linked hackers highlight the growing cyber threats to critical infrastructure.Washington Today

Hackers backing Iran have vowed to continue their cyberattacks against the U.S. and Israel, despite an uncertain ceasefire between Iran and the U.S. and Israel. One leading hacking group, Handala, said it would temporarily postpone attacks on the U.S. but would continue targeting Israel, and would revive efforts against America when the time was right. U.S. authorities have warned that Iranian-allied hackers have infiltrated industrial control systems used in key sectors like ports, power plants, and water facilities, posing a serious threat to critical infrastructure.

Why it matters

The continued threat of cyberattacks from Iran-linked hackers, even during a ceasefire, highlights the growing role of digital warfare in modern military conflicts. These attacks can have significant real-world impacts, disrupting essential services and infrastructure. The warning from U.S. authorities underscores the need for organizations to remain vigilant and ensure their cybersecurity measures are up-to-date to defend against these persistent threats.

The details

According to the report, the pro-Palestinian, pro-Iranian hacking group Handala has claimed credit for disrupting the operations of the U.S. medical manufacturer Stryker and hacking into FBI Director Kash Patel's personal email account, among other cyberattacks. The group vowed to continue targeting Israel and revive its efforts against the U.S. when the time is right, despite the ceasefire announcement. U.S. authorities have also warned that Iranian-allied hackers have infiltrated industrial control systems used in key sectors like ports, power plants, and water facilities, posing a serious threat to critical infrastructure.

  • The ceasefire between Iran and the U.S. and Israel was announced recently.
  • Handala said it would temporarily postpone attacks on the U.S. but continue targeting Israel.

The players

Handala

A pro-Palestinian, pro-Iranian hacking group that operates independently of Tehran and has claimed credit for various cyberattacks, including disrupting the operations of the U.S. medical manufacturer Stryker and hacking into FBI Director Kash Patel's personal email account.

Kash Patel

The current FBI Director.

Stryker

A major U.S. medical equipment supply company that was targeted by Handala in a cyberattack.

FBI

The U.S. Federal Bureau of Investigation, which responded to the Handala hack by seizing four internet web addresses used by the group to spread its message.

National Security Agency (NSA)

A U.S. intelligence agency that, along with the FBI and Cybersecurity and Infrastructure Security Agency (CISA), issued a joint advisory warning about Iranian-allied hackers infiltrating industrial control systems.

Got photos? Submit your photos here. ›

What they’re saying

“We did not begin this war, but we will be the ones to finish it. And let it be clear: The cyber war did not begin with the military conflict, and it will not end with any military ceasefire.”

— Handala, Hacking group

“With a ceasefire, we will likely see an expansion of cyber activity both in scale and scope. These groups will likely try to execute a high-profile attack such as what we saw with Stryker.”

— Markus Mueller, Cybersecurity executive at Nozomi Networks

What’s next

U.S. authorities have urged organizations that use industrial control systems to ensure their security precautions are up-to-date to defend against the persistent threat of cyberattacks from Iran-linked hackers.

The takeaway

The continued threat of cyberattacks from Iran-linked hackers, even during a ceasefire, underscores the growing role of digital warfare in modern military conflicts. These attacks can have significant real-world impacts, disrupting essential services and infrastructure, and highlight the need for organizations to remain vigilant and proactive in their cybersecurity efforts.