Asger Risom
Cyberattacks have become a central tool in the Iran conflict, with coordinated groups targeting US and Israeli infrastructure, companies, and systems in a rapidly expanding digital battlefield.
Cyberwarfare is no longer a supporting element of modern conflict — it is now an active battlefield.
As tensions escalate around Iran, state-linked groups and hacktivists are launching coordinated cyberattacks against infrastructure, companies, and institutions in the United States and Israel. The scale and organization of these operations suggest a shift toward persistent, network-level disruption rather than isolated incidents.
The conflict is increasingly being fought through systems, not just weapons.
Attacks target infrastructure and global networks
Several high-profile incidents point to the growing reach of these operations.
According to Euronews and The Wall Street Journal, U.S. medical technology company Stryker confirmed a cyberattack that disrupted parts of its global network. Employees reportedly encountered messages linked to the pro-Iranian hacker group Handala.
Cyber intelligence platform SOCRadar said the group claimed to have exploited Microsoft’s Intune platform to wipe more than 200,000 devices across dozens of countries.
The full extent of the damage remains unclear.
Handala has also claimed responsibility for other attacks, including a breach involving the Hebrew University of Jerusalem, where it says more than 40 terabytes of data were deleted.
How pro-Iran groups operate
Cybersecurity firm CloudSek reports that several groups linked to Iran’s Revolutionary Guard Corps are actively targeting U.S. systems.
These include CyberAv3ngers, APT33, and APT55, which focus on industrial control systems — the software that manages physical infrastructure such as energy grids, water facilities, and production systems.
Their methods are often simple but effective.
In some cases, attackers gain access using default or weak passwords, then deploy malware capable of disrupting or controlling systems. Other groups focus on espionage, collecting data from the energy and defense sectors for intelligence purposes.
The strategy combines disruption with long-term access.
A coordinated digital campaign
The scale of activity has expanded beyond isolated groups.
More than 60 hacktivist groups reportedly formed a coalition known as the “Islamic Cyber Resistance,” coordinating attacks through encrypted channels such as Telegram. In the early phase of the conflict, the group claimed responsibility for hundreds of operations.
Unlike formal state units, these groups operate with fewer constraints, making their actions less predictable and potentially more disruptive.
Some are also believed to use artificial intelligence tools to assist with targeting and execution, lowering the technical barrier for participation.
The US and Israel are also deploying cyber capabilities
Cyber operations are not one-sided.
U.S. Cyber Command has been involved from the early stages of the conflict, working to disrupt Iranian communications and sensor systems. Officials say these efforts have degraded Iran’s ability to coordinate responses.
Reports also indicate that Israeli operations have used data obtained through cyber means, including traffic camera systems, to support intelligence efforts.
In this environment, cyber tools are being used alongside conventional military capabilities.
A global network of participants
The conflict has drawn in actors from multiple regions.
Groups linked to Iraq, Russia, and other countries have joined attacks on infrastructure across the Middle East. Targets have included airports, government systems, and defense-related companies.
These operations are often decentralized, with coordination taking place outside Iran due to domestic internet restrictions.
The result is a distributed cyber campaign that extends well beyond national borders.
Warfare is shifting into digital systems
What emerges is a different model of conflict.
Cyberattacks are being used to disrupt logistics, damage infrastructure, gather intelligence, and influence operations in real time. The boundary between military and civilian targets is increasingly blurred, as companies and public systems become part of the battlefield.
The Iran conflict is showing how cyber capabilities can scale quickly, involve multiple actors, and operate continuously alongside traditional warfare.
Sources: Digi24, Euronews, The Wall Street Journal, CloudSek, SOCRadar
