The escalating conflict between Iran and the United States is beginning to spill into cyberspace, opening a new digital front alongside missiles and drones.
The war began on February 28, 2026, when the United States and Israel launched coordinated strikes on Iranian targets, triggering a broader regional confrontation.
Within hours of the military operation, cyberattacks started appearing across Iranian digital infrastructure. Cybersecurity observers reported the hacking of several Iranian websites and applications, including a widely used religious calendar app that was defaced with political messages directed at Iranian users.
Since then, cyber activity linked to the conflict has continued to escalate.
One of the most visible incidents involved a cyberattack on Stryker, a U.S. medical technology company. A hacker group known as Handala, which analysts believe is linked to Iranian intelligence networks, claimed responsibility for the attack and said it disrupted thousands of computers across the company’s systems.
The group also claimed it wiped over 200,000 devices and extracted more than 50 terabytes of company data, though investigators are still determining the full extent of the breach.
Why It Matters
Cyber operations have increasingly become a central feature of modern warfare.
Unlike traditional military attacks, cyber campaigns can reach targets far beyond the physical battlefield. A hacker group operating in one country can disrupt businesses, infrastructure, or government networks thousands of kilometres away.
Security experts say conflicts involving nation states frequently trigger waves of cyber operations that include espionage, data theft, and attempts to disrupt infrastructure systems.
In the current conflict, analysts expect cyber activity to intensify as both sides attempt to weaken each other’s capabilities while avoiding direct military escalation in certain areas.
Iran has long invested in offensive cyber capabilities, often using both state-linked groups and loosely affiliated hacker collectives to conduct digital operations.
Who’s affected
The potential targets extend far beyond government agencies.
Security researchers warn that Iranian cyber groups may attempt attacks against banks, airports, water systems, defence contractors, and energy infrastructure in the United States and allied countries.
Several Iranian hacking groups have already been linked to international cyber campaigns in the past. Among the most prominent are APT42 and APT33, which analysts say have ties to Iran’s Revolutionary Guard and intelligence services.
These groups typically conduct operations that include phishing campaigns, malware deployment, and network infiltration aimed at espionage or disruption.
Because many global companies rely on interconnected cloud systems and digital infrastructure, a successful cyberattack in one sector could ripple across multiple industries.
What’s next
Cybersecurity analysts believe the digital front of the conflict is still in its early stages.
As military tensions continue, cyber operations may expand to include larger infrastructure attacks, coordinated hacktivist campaigns, and long-term espionage efforts targeting government and corporate networks.
For companies and governments watching the conflict unfold, the message is clear. The battlefield is no longer limited to land, air, and sea.
It now extends into the networks that power the modern digital economy.
