Iran Demonstrates Its Cyber Capabilities

As the conflict enters its fifth week, Iran has increased missile and drone strikes. Its cyber warriors have stepped up their operations in parallel.

One high-profile breach targeted an old personal email account tied to FBI Director Kash Patel. The intruders published a resume and personal photos online.

Handala Hack Team and recent seizures

The hacking group Handala Hack Team claimed responsibility for the Patel email breach. U.S. authorities say Handala is linked to Iran’s Ministry of Intelligence and Security.

An FBI spokesperson told Filmogaz.com the compromised account contained historical, non-government material. The agency offered a reward of up to $10 million for information on the group.

On March 19, the U.S. Justice Department seized four websites associated with Handala. That move followed a claimed attack on medical equipment maker Stryker.

Stryker reported ongoing recovery efforts. The company said manufacturing capacity was being restored across most sites and critical lines.

Other claimed intrusions and alleged data theft

Another actor, known as APT Iran, claimed a massive haul from a U.S. defense contractor.

Threat intelligence firm Flashpoint reported a claimed theft of 375 terabytes of data. These claims remain unconfirmed by the affected company.

Handala has also said it leaked personal details of Lockheed Martin engineers based in Israel. Lockheed Martin told Filmogaz.com no evidence shows impact to its systems or operations.

Attacks against Israel

Israel’s National Cyber Directorate reported destructive “wiper” attacks. At least 60 Israeli companies had data erased, the agency said.

Security firms Kela and Halcyon found dark web postings linked to Iran-affiliated groups. One ransomware group, Pay2Key, offered 80 percent of profits to hackers targeting Iran’s perceived enemies.

Experts on motives and methods

Cynthia Kaiser, former deputy assistant director of the FBI’s cyber division, warned of mixed tactics. She said Iranian operations blend real intrusions with disinformation.

Kaiser added that public leaks can act as cyber-enabled PR, showing retaliation without kinetic escalation. Those campaigns aim at both domestic audiences and foreign deterrence.

Mieke Eoyang, former U.S. deputy assistant secretary of defense for cyber policy, noted cyber actors need little physical infrastructure. Virtual assets enable reengagement even after physical sites are struck.

David Carmiel, CEO of Kela, highlighted blurred lines between nation-state actors and cyber criminals. He said Iranian groups emphasize destructive outcomes rather than pure financial gain.

Outlook

Iran has a long cyber history, including attacks on critical infrastructure. Experts expect cyber operations to continue during and after kinetic hostilities.

Even a negotiated cease-fire may not end the threat. Cyber campaigns can operate covertly and target a wider universe of victims.

  • Reward offered by FBI: up to $10 million.
  • Seized Handala websites: four (March 19).
  • Claimed data theft amount: 375 terabytes (per Flashpoint).
  • Israeli firms affected by wipers: at least 60.
  • Pay2Key profit share offered: 80 percent (up from 70 percent).

Ongoing investigations involve multiple agencies and private firms.