Even after the cease-fire between the United States and Iran, Iranian hackers have not stopped their attacks. Analysts say they are instead attempting to infiltrate in more covert and crafty ways.
The New York Times (NYT) reported on the 16th (local time) that Iranian cyber operations have continued even after the cease-fire between Iran and the United States took effect on the 8th. The recent moves by Iranian hackers differ from the showy attacks of the past. According to U.S. intelligence officials and Western cybersecurity experts, they are now zeroing in on "weak links," including not only U.S. and Israeli government officials but also private contractors connected to them.
In particular, they are choosing to infiltrate and lie low inside critical infrastructure such as water resources facilities or power grids. Analysts say the strategy is to secure leverage that could cause social paralysis in an emergency, rather than destroying systems immediately.
Since the U.S. and Israel struck Iran in late February, Iran has combined military attacks, disinformation, and sophisticated cyberattacks. The hacking group "Handala," known to be controlled by the Ministry of Intelligence (MOIS), recently hacked the personal account of FBI Director Kash Patel and leaked emails and photos. It also temporarily crippled the systems of Stryker, a global medical equipment supplier, shocking the security industry.
Attacks targeting Israel are even more blatant. After hacking an account related to former Israel Defense Forces (IDF) chief of staff Herzi Halevi, Handala recently added Dubai government agencies to its target list. According to cybersecurity firm Check Point, Iran-linked cyberattacks have increased by about 10% in the Gulf region and about 15% against Israel since the cease-fire.
Experts warn that while Iran's cyber capabilities are not as sophisticated as Russia's or China's, they are more dangerous in terms of unpredictability. Evan Peña, co-founder of the cybersecurity firm Armadin, said, "Now is the time to be more wary of Iran than ever," adding, "In cyberwarfare, there is virtually no such thing as a cease-fire." He also said, "If negotiations break down, Iran will launch immediate sabotage through networks it has already infiltrated."