Handala, a pro-Iranian hacking collective, paused attacks on the United States temporarily but pledged to resume targeting Israel and, when the time is right, to renew U.S. strikes, underscoring how cyber operations are now intertwined with physical conflict.

Handala has previously claimed operations against Stryker, a Michigan-based medical equipment manufacturer, and leaked personal emails of U.S. figures after breaching accounts, signaling a pattern of high-profile targets.

The group’s actions include exploiting targets and leaking material related to U.S. and Israeli officials, prompting U.S. authorities to seize related domain names and publicize breaches.

Analysts expect future operations to be high-profile and attention-grabbing, signaling strength and mirroring earlier disruptive incidents like the Stryker case.

The broader pattern shows cyber warfare as a persistent component of the conflict, with digital assaults continuing alongside traditional military actions and leveraging proxies and multiple attack vectors.

Experts foresee a surge in high-profile attacks designed to draw public attention, even during ceasefires, noting that Iranian-backed cyber operations have been high-volume but with relatively lower impact so far.

During lulls in kinetic hostilities, analysts expect cyber activity to expand in scale and scope, targeting U.S. organizations tied to the war effort, including data centers, tech firms, and defense contractors.

Overall, expert assessments indicate pro-Iranian hackers have mounted high-volume operations to signal vulnerability and morale, even as military advantages persist.

Other pro-Iranian actors have deployed malware on mobile devices and conducted surveillance of cameras for missile targeting, alongside attacks on data centers and facilities in Israel, Saudi Arabia, and Kuwait.

These actors have pursued attacks on Israelis and regional facilities, including attempts to compromise devices and data centers across Israel, Saudi Arabia, and Kuwait, highlighting a broad regional cyber threat landscape.

The broader activity includes efforts to install malware on Israeli phones, compromise regional cameras, and target data centers and industrial facilities in the region.

U.S. authorities, including the FBI, NSA, and CISA, warned that Iran-aligned hackers foothold critical internet-enabled industrial control systems, such as PLCs used in ports, power plants, and water infrastructure, prompting security advisories.