‘There are a lot more attacks happening that aren’t being reported’: Iran’s cyber response creeps across the globe
As they fled an Iranian missile strike, some Israelis with Android phones received a text offering a link to real-time information about bomb shelters. But instead of a helpful app, the link downloaded spyware giving hackers access to the device’s camera, location and all its data.
The operation, attributed to Iran, showed sophisticated coordination and is just the latest tactic in a cyber conflict that pits the U.S. and Israel against Iran and its digital proxies. As Iran and its supporters seek to use their cyber capabilities to compensate for their military disadvantages, they are demonstrating how disinformation, artificial intelligence and hacking are now ingrained in modern warfare.
The bogus texts received recently appeared to be timed to coincide with the missile strikes, representing a novel combination of digital and physical attacks, said Gil Messing, chief of staff at Check Point Research, a cybersecurity firm with offices in Israel and the U.S.
“This was sent to people while they were running to shelters to defend themselves,” Messing said. “The fact it’s synced and at the same minute … is a first.”
The digital fight is likely to persist even if a ceasefire is reached, experts said, because it’s a lot easier and cheaper than conventional conflict and because it is designed not to kill or conquer, but to spy, steal and frighten.
Iran-linked groups are turning to high-volume, low-impact cyberattacks
While high in volume, most of the cyberattacks linked to the war have been relatively minor when it comes to damage to economic or military networks. But they have put many U.S. and Israeli companies on the defensive, forcing them to quickly patch old security weaknesses.
Investigators at the Utah-based security firm DigiCert have tracked nearly 5,800 cyberattacks so far mounted by nearly 50 different groups tied to Iran. While most of the attacks targeted U.S. or Israeli companies, DigiCert also found attacks on networks in Bahrain, Kuwait, Qatar and other countries in the region.
Many of the attacks are easily thwarted by the latest cybersecurity precautions. But they can inflict serious damage on organizations with out-of-date security and impose a demand on resources even when unsuccessful.
Then there’s the psychological impact on companies that may do business with the military.
“There are a lot more attacks happening that aren’t being reported,” said Michael Smith, DigiCert’s field chief technology officer.
A pro-Iranian hacking group claimed responsibility Friday for infiltrating an account of FBI Director Kash Patel, posting what appeared to be years-old photographs of him, along with a work resume and other personal documents. Many of those records appeared to be more than a decade old.
It’s similar to a lot of the cyberattacks linked to pro-Iran hackers: splashy and designed to boost morale among supporters while undermining the opponent’s confidence, but with little impact on the war effort.
Smith said these high-volume, low-impact attacks are “a way of telling people in other countries that you can still reach out and touch them even though they’re on a different continent. That makes them more of an intimidation tactic.”
Health care and data centers have been a target
Iran is likely to target the weakest links in American cybersecurity: supply chains that support the economy and the war effort, as well as critical infrastructure like ports, rail stations, water plants and hospitals.
Iran also is targeting data centers with both cyber and conventional weapons, showing how important the centers have become to the economy, communications and military information security.
This month, hackers supporting Iran claimed responsibility for hacking Stryker, a Michigan-based medical technology company. The group known as Handala claimed the strike was in retaliation for suspected U.S. strikes that killed Iranian schoolchildren.
Cybersecurity researchers at Halcyon recently published the findings of another recent cyberattack targeting a health care company. Halcyon did not reveal the name of the company but said the hackers used a tool that U.S. authorities have linked to Iran to install destructive ransomware that shut the company out of its own network.
The hackers never demanded a ransom, suggesting they were motivated by destruction and chaos, not profit.
Together with the attack on Stryker, “this suggests a deliberate focus on the medical sector rather than targets of opportunity,” said Cynthia Kaiser, senior vice president at Halcyon. “As this conflict continues, we should expect that targeting to intensify.”
Artificial intelligence is providing a boost
AI can be used both to increase the volume and speed of cyberattacks and to let hackers automate much of the process.
But it’s disinformation where AI has really demonstrated its corrosive impact on public trust. Supporters of both sides have spread bogus images of atrocities or decisive