Iran Is Losing the Cyberwar, Not the Real War

Dr. Lindsay focuses on cybersecurity at the Georgia Institute of Technology.

The Iranian hacker group Handala last month breached the networks of Stryker, a medical technology company based in Michigan, wiping data and disabling thousands of devices, including some used by emergency workers. On its website, Handala boasted that the attack was “only the beginning of a new era of cyberwarfare.”

But this new era looks a lot like the old one. Despite hype about a digital Pearl Harbor attack or a cyber-9/11, the reality of cybersecurity is prosaic. Iran has carried out cybercrime, digital propaganda and minor disruptions, which are normal features of conflicts these days. Despite reports of Iran coordinating malware and disinformation with missile strikes, it has not yet inflicted serious damage via cyberwarfare alone. Much as Russia’s cyberarsenal was overestimated before the invasion of Ukraine, Iran’s cyberattacks have been underwhelming so far.

This is puzzling. The 2025 Annual Threat Assessment of the U.S. intelligence community found that “Iran’s growing expertise and willingness to conduct aggressive cyberoperations make it a major threat to the security of U.S. networks and data.” Several hacking teams sponsored by Iran’s military and security apparatuses, including Handala, have been probing America’s critical systems for years. If ever there was a time for Iran to cash in on its expertise, a war for the very survival of its regime should have been it.

It is possible that we have not heard about Iranian cyberattacks because they remain undetected or unreported. However, unobserved activity is more likely to be espionage — important, but less immediately destructive — rather than disruption, which is harder to hide. Perhaps Iranian hackers were, by the time a cease-fire was announced on Tuesday, quietly preparing to launch a big attack.

Yet observed cyberattacks like the Stryker breach appear to be quick and dirty rather than carefully coordinated operations. A U.S. Joint Cybersecurity Advisory released Tuesday said that Iranian attacks had “resulted in operational disruption and financial loss” in a few cases, but these were mainly opportunistic hacks of unprotected devices. While it is impossible to rule out surprises, the haphazard hacking that we do see probably reflects reality. Even if its digital spies are working quietly, Iran’s cyberwarfare thus far does not inspire confidence that it is good at this, in the open or behind the scenes.

A more likely possibility is that Iran’s capacity for cyberwarfare is overrated, degraded or both. The United States and Israel aggressively targeted Iranian cyberunits and operatives during the war. Israel said it had killed the Islamic Revolutionary Guards Corps spy chief and bombed the cyber- and electronic headquarters. U.S. Cyber Command is almost certainly conducting counteroperations. Hackers who are confused, paranoid or incapacitated will not excel at cyberwarfare.


© The New York Times