Iran’s Digital War Machine Targeting U.S. Infrastructure – The Cipher Brief
https://www.thecipherbrief.com/iran-digital-targeting-infrastructure
Publish Date: 2026-05-21 06:02:00
Source Domain: www.thecipherbrief.com
Israel wiped out a major military hub in southeastern Tehran, hitting a site that Western intel says was the nerve center for the IRGC. The facility didn’t just house the Quds Force and Basij; it served as the literal “brain” for Iran’s global hacking campaigns and internal security operations.
The facility coordinated intrusion campaigns against adversaries across multiple continents. Yet even as satellite imagery confirmed the compound’s destruction, cybersecurity analysts were documenting a spike in reconnaissance activity emanating from Iranian-linked networks.
Tehran’s digital arsenal has proven more resilient than the bombing runs suggest. Handala — the persona behind the Stryker attack and now assessed as a front for Void Manticore, an MOIS-affiliated state actor — exemplifies exactly this. It operates as a hack-and-leak engine optimized for psychological disruption: breaking into accessible systems, wiping data, and timing the release of stolen material to maximize pressure on targets.
The earlier assassination of Deputy Intelligence Minister Seyed Yahya Hosseini Panjaki, once the man pulling the strings behind Handala and Karma Below, did not collapse the operation. Rather than dissolving, the apparatus evolved.
“State-aligned threat actors began utilizing out-of-band communication methods and alternative infrastructure, such as Starlink IP ranges, to bypass the degraded domestic grid,” JP Castellanos, Director of Threat Intelligence at Binary Defense, tells The Cipher Brief.
In simpler terms, Iranian hackers quickly shifted to alternative internet connections and encrypted communication channels that operate outside Iran’s damaged infrastructure, allowing cyber operations to continue even as domestic networks faltered.
Critical Infrastructure in the Crosshairs
The fallout from the February strikes has moved well past network probing. Iranian-linked hackers have successfully targeted and disrupted multiple U.S. oil, gas, and water sites…