Iran Cyberattack on US: Modern wars are no longer fought only with bombs, fighter jets, drones, or missiles. Fighting today also happens in cyberspace. Countries and groups now use hacking attacks to damage systems far away from the actual battlefield.
This idea became clear after recent tensions between Iran, the United States, and Israel. While Iranian Shahed drones and ballistic missiles were striking Israeli targets and American military assets in the Gulf, another attack was happening thousands of kilometres away in the United States.
In Michigan, a major medical technology company called Stryker suddenly faced a massive cyberattack. On March 11, the company’s computer systems were heavily disrupted. Tens of thousands of computers stopped working and much of the company’s global operations came to a halt.
What Happens If Iran Pulls Out of the 2026 World Cup? FIFA Rules Explained
Handala Hack Group Claims Responsibility
Soon after the incident, an Iranian-linked hacker group called Handala Hack said it carried out the attack. The group described the operation as revenge for a recent military strike.
According to the hackers, the attack was retaliation for the Minab school strike. On February 28, an American Tomahawk missile hit an elementary school in Minab. Reports said around 180 children were killed in the strike. During the same period, joint military attacks also assassinated Iran’s Supreme Leader Ayatollah Ali Khamenei along with several other senior leaders.
The hacking group claimed it carried out a large digital attack against Stryker. Handala Hack said it stole about 51 terabytes of company data. The group also claimed it erased or damaged more than 2 lakh systems including computers, servers, and mobile devices.
A newly launched Handala website lists the operations the group says it has carried out. Among the listed attacks were those targeting Stryker and Verifone, a payment technology company that builds point-of-sale card machines and related software.
While talking about the Verifone attack, the group posted a message online. It said, “This attack is a decisive and direct response to the Zionist regime’s airstrikes targeting banking infrastructure,” Handala wrote about Verifone. “Every blow will be met with an even greater response.”
Who is the Handala Hack Group
Handala Hack is believed to be an Iranian cyber group. Cybersecurity researchers at Check Point Research track the group under the name Void Manticore. Experts believe it is linked to Iran’s Ministry of Intelligence and Security, also known as MOIS.
Security researchers say the group may act as a cyber retaliation unit connected to Iranian state interests. The group is also known by several other names including Red Sandstorm, Banished Kitten, Karma, and Homeland Justice.
Handala has previously targeted many organisations. These include Israeli businesses, government agencies, and political figures. The group has also attacked government institutions in Albania.
The name of the group comes from Handala, a famous Palestinian cartoon character. The character is widely seen as a symbol of resistance.
How the Group Carries Out Cyberattacks?
Handala is known for launching destructive cyberattacks that aim to damage computer systems and erase data. Experts describe many of these operations as “wiper” attacks because they wipe or destroy files on computers and servers.
Instead of fully automated hacking campaigns, the group often carries out manual operations. Hackers directly enter systems and control the attack step by step.
They usually steal sensitive data from organisations and later release it publicly. This method is known as hack-and-leak. By exposing private information, the group tries to create embarrassment and reduce trust in government institutions.
Iran’s Khatam Al-Anbiya Warns US: Oil Prices Could Hit $200 Per Barrel
The hackers also post updates online to show what they have done and to connect their attacks with political goals. In earlier operations, the group even released personal information linked to Israeli Air Force personnel.
Handala also uses trick methods to gain entry into systems. Employees are sometimes fooled into opening fake emails or installing software updates that secretly give hackers access. After entering a system, the group may use tools such as NetBird to hide internet traffic. They also use AI-assisted scripts which help erase data faster.
Hacktivism to State-Linked Cyber Operations
Handala first appeared publicly around late 2023. At the beginning many people believed it was simply a hacktivist group supporting the Palestinian cause.
Over time, cybersecurity experts began to see stronger links between the group and Iranian state interests. Gil Messing from Israeli cybersecurity company Check Point described the group as “the most notorious group affiliated with the Iranian regime.” He said the hackers likely operate on behalf of Iran’s MOIS, according to Reuters.
Another cybersecurity team, Unit 42 from Palo Alto Networks, also described Handala as “the most prominent Iranian persona in the hacktivist world.”
