Hacked Hospitals and Fake Warships: Iran's Cyber Arsenal Is Doing the Heavy Lifting
When your conventional military is outgunned, you get creative. Iran has done exactly that, turning lines of code into weapons that punch well above their weight class.
Since Operation Epic Fury launched on 28 February 2026, Iran-linked hackers have waged a relentless digital offensive against both the United States and Israel. According to figures cited by DigiCert, roughly 5,800 cyberattacks have been carried out by an estimated 50 groups with ties to Tehran, though some independent trackers put the number of active groups even higher, at over 60.
The sheer audacity of some operations is genuinely hard to overstate.
Spyware Disguised as Safety
Picture this: Israeli civilians, mid-missile-strike, receive text messages linking to what appears to be a bomb shelter locator app. Terrified people download it. What they actually get is spyware.
Gil Messing, chief of staff at Check Point Research, confirmed the texts were deliberately timed to coincide with incoming missiles, exploiting panic for maximum effect. The malicious app was identified by Acronis Threat Research Unit on 1 March as a trojanised replica of the Red Alert rocket warning app.
Attribution remains contested. Some researchers link it to Arid Viper, a Hamas-aligned group, rather than directly to Iranian state actors, though the lines between proxy and patron are increasingly blurred in this conflict.
Hospitals in the Crosshairs
Perhaps the most alarming single incident came courtesy of Handala, a hacking group the U.S. Department of Justice has since formally attributed to Iran's Ministry of Intelligence and Security. The group claimed responsibility for attacking Stryker, a Michigan-based medical technology firm, reportedly wiping more than 200,000 devices across 79 countries. Some hospitals were forced to temporarily pause vital-sign data transmission.
U.S. officials described it as likely the most significant wartime cyberattack against America in history. The Trump administration responded by offering a $10 million reward for information on Handala members.
The group also claimed to have breached an account belonging to FBI Director Kash Patel, though the bureau stated the exposed material was historical in nature and contained no government information.
Separately, cybersecurity firm Halcyon published findings on an attack against a healthcare company using Pay2Key ransomware, a tool linked to Iranian government actors since 2020. Notably, no ransom was demanded, suggesting the goal was destruction rather than profit. When hackers do not even bother asking for money, you know the motive is something altogether more sinister.
Deepfakes and Disinformation at Scale
Iran's digital strategy extends well beyond hacking. Pro-Iranian accounts have flooded social media with AI-generated content, including deepfake imagery of sunken U.S. warships. While some reports suggested a single image racked up 100 million views, researchers at Albis found the most viral individual clip garnered around 70 million views. The broader disinformation campaign, tracked by Cyabra, generated a staggering 145 million views and 9 million interactions across platforms in a matter of days.
Iranian state media has also begun labelling genuine footage as fake while substituting doctored imagery, according to NewsGuard, which identified 18 false war-related claims from Iranian sources. Reality itself has become a contested space.
A Two-Way Street
It is worth noting this cyber conflict runs in both directions. Israel reportedly conducted what some analysts described as the largest cyberattack in history against Iran, dropping the country's internet connectivity to between 1 and 4 per cent for over 60 hours.
The State Department formally launched its Bureau of Emerging Threats in March 2026, having notified Congress on 23 March. Director of National Intelligence Tulsi Gabbard told lawmakers that AI will increasingly shape future cyber operations, a prediction that already feels like an understatement given recent events.
The uncomfortable truth is straightforward: in modern warfare, your phone is a battlefield, your hospital network is a target, and a bomb shelter app might be the most dangerous thing you download. Welcome to the new normal.