“This is just the beginning of a new era of cyber war.” With this threat, the hacker group Handala, linked to the Ministry of Intelligence of Iran, claimed responsibility in early March for a computer attack with which it managed to shut down the systems of the American medical equipment supplier Stryker. Shortly after, it stole and published personal images of the director of the FBI, Kash Patel, and penetrated the systems of the most important security studies center in Israel, leaking more than 100,000 emails and accessing its security cameras.
The cyberattacks of Handala are only one leg of the strategy with which Tehran has responded to the war started by the United States and Israel at the end of February. Since then, the diminished regime of the ayatollah has combined armed maneuvers on the ground with online disinformation campaigns and computer attacks. These are also being perpetrated by other groups such as CyberAv3ngers or APT Iran, which in March claimed to have stolen confidential data from the arms giant Lockheed Martin, something that the main missile supplier of the Pentagon has not confirmed.
On the digital level, Iran has alternated low-level attacks with advanced operations designed mainly to torpedo the functioning of its rivals’ strategic sectors. After the start of the physical truce on April 8, cyber operations linked to the Persian country have increased by 15% against Israel and 10% in the Gulf region, according to data from the cybersecurity firm Check Point. Although attempts in the United States have diminished, experts tell The New York Times that this could be due to a tactical shift toward silent espionage.
The cyberattacks launched by Iran seek to obtain intelligence that serves its physical military deployment, but also to sow fear and social chaos. For the Center for Strategic & International Studies, Tehran uses these operations in cyberspace to “project power against its regional and global adversaries; support and inform its military activity; and support its efforts at economic coercion in the Strait of Hormuz.”
Vulnerable infrastructures
Their tactics, deployed by actors linked to the Islamic Revolutionary Guard, have achieved some success. In early April, several agencies of Donald Trump's government issued a joint warning in which they stated that cyber incidents had already managed to hijack the computers of US organizations in critical areas such as energy or drinking water. Although they did not specify the number of interruptions caused, they noted that they had caused “disruptions and economic losses.”
The “slight” uptick in Iran’s cyber operations demonstrates that it is “beginning to weaponize the access it already had to victims’ networks across the US,” warns the Center for Strategic & International Studies, indicating that “such actions are likely to intensify.” This infiltration has been possible because the critical infrastructures of the United States “have been in a vulnerable situation for decades,” that is, “in many cases” equipped with “obsolete technology,” a situation that has been aggravated by the cut of at least 707 million dollars that the Trump Administration has inflicted on the Cybersecurity and Infrastructure Security Agency.
AI against critical targets
To do this, the diminished Iranian regime would have resorted to artificial intelligence (AI) to make its attacks more sophisticated. Recently, the Cybersecurity Council of the Government of the United Arab Emirates has indicated that Iran would be using generative AI tools such as ChatGPT to detect vulnerabilities and perfect some of the up to 700,000 daily attack attempts launched against the computer systems of the federation of Gulf petromonarchies, reports Gulf News. During the first quarter of the year, incidents of phishing (scams that fish for credentials) have skyrocketed 32%; cases of malicious packages discovered in public repositories, 75%; and intrusions into the cloud, 35%, according to the latest reports from Sonatype and CrowdStrike. At the end of 2025 it was Google that warned that Tehran was trying to use its AI model, Gemini, to design more complex computer viruses.
By lowering the barrier to entry for cybercrime, AI is seen as a threat amplifier. However, it can also be an opportunity to detect security breaches before one's enemies do and to develop more flexible defense mechanisms, explains Wei Yuan, director of operations at Applus+ Laboratories, to EL PERIÓDICO within the framework of the XI National Cybersecurity Research Conference (JNIC) organized by the Universitat Politècnica de Catalunya (UPC) in collaboration with the National Cybersecurity Institute of Spain (INCIBE).
Limited impact
Although Iran’s cyber attacks have increased, their impact has also been limited. “Iran’s cyber attacks have been disappointing so far… They have not yet inflicted serious damage through cyber warfare alone,” cybersecurity expert Jon R. Lindsay recently told The New York Times. That’s because Tehran’s capabilities “are overrated, underrated, or both.”
At least two factors would contribute to this degradation. On the one hand, the Internet blockade with which the Iranian authorities are trying to disconnect their population from reality. On the other hand, since they started the war against their historic enemy in the Middle East, Washington and Tel Aviv have managed to assassinate the head of the Iranian intelligence service, General Seyed Majid Khademi, and at least two prominent hackers wanted by the FBI, according to Forbes.