Cyber activity connected to the ongoing US–Israel–Iran conflict has increased in recent weeks, with several attacks claimed by pro-Iranian groups while more sophisticated actors continue operating quietly in the background. Companies, infrastructure systems and even surveillance cameras have been targeted since the end of Feb.
A pro-Iranian hacking group known as Handala has taken responsibility for multiple attacks. The group recently claimed it had obtained 50,000 emails from an Israeli researcher who specialises in Iran-related studies. It also said it carried out cyberattacks against 2 US companies.
Pierre-Yves Amiot, director of the CERT cyber alert centre at Orange Cyberdefense, said the group’s activity has been visible since late 2023. However, he noted that not all claims made by the group may be accurate. “They’ve recently been working on claiming responsibility for attacks that aren’t totally accurate… their aim is to try and maintain this ambiguity, to make people believe they’re extremely active when the truth may sometimes be less clear.”
Security researchers say this uncertainty creates what Amiot described as a “digital fog of war”.
Researchers from Palo Alto Networks warned in early Mar that there had been an “escalation of attacks from activists” operating outside Iran. Its Unit 42 research team also warned about a growing risk of “wiper attacks,” a form of cyberattack where hackers erase data from computer systems. The company said several incidents had already affected organisations in Israel and the US.
Meanwhile, Israel National Cyber Directorate has issued alerts about Iranian groups hacking security cameras for espionage purposes.
Experts say Handala may not be an independent hacktivist group. According to Unit 42 researchers, the group may act as a front linked to Iran’s Ministry of Intelligence and Security of Iran.
Cybersecurity analysts say Iran operates several cyber units. Adam Burgher, a researcher at ESET, said around 10 active groups are currently associated with Iranian cyber operations. The most active among them is believed to be MuddyWater.
A cybersecurity report published in Nov 2025 by Microsoft said Iranian state-linked operations remain highly active across multiple industries. However, Burgher noted that Iran’s cyber capabilities are still less advanced than those of North Korea, Russia and China.
For now, Iran’s operations may also be affected by the government-imposed internet blackout in the country. Experts say limited connectivity and reliance on fallback satellite links could restrict large-scale operations until normal internet access is restored.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream LinkedIn | The Mainstream Facebook | The Mainstream Youtube | The Mainstream Twitter
About us:
The Mainstream is a premier platform delivering the latest updates and informed perspectives across the technology business and cyber landscape. Built on research-driven, thought leadership and original intellectual property, The Mainstream also curates summits & conferences that convene decision makers to explore how technology reshapes industries and leadership. With a growing presence in India and globally across the Middle East, Africa, ASEAN, the USA, the UK and Australia, The Mainstream carries a vision to bring the latest happenings and insights to 8.2 billion people and to place technology at the centre of conversation for leaders navigating the future.
