How Iranian Hackers Pose A Threat To US Critical Infrastructure (Video)

An Iran-linked group named Handala claimed responsibility for a cyberattack on Portage, Michigan-based medical device manufacturer Stryker Corp. on March 11, 2026. The attack, which disrupted Stryker's order processing, manufacturing, and shipping via its Microsoft software system, was reportedly in retaliation for events related to the conflict in Iran. William Akoto, an Assistant Professor of Global Security at American University, noted that such cyber operations are increasingly used alongside conventional military tactics during geopolitical tensions to inflict damage, probe weaknesses, and signal resolve. The Stryker incident underscores how regional conflicts can quickly impact organizations far from the battlefield, exposing vulnerabilities within U.S. critical infrastructure. This infrastructure extends beyond obvious targets like power plants to include crucial suppliers such as managed IT providers, cloud, and data center operators. The Cybersecurity and Infrastructure Security Agency (CISA) issued a warning on April 7 regarding Iran-affiliated hackers accessing U.S. critical infrastructure, causing operational disruptions in some cases. U.S. officials, including CISA, FBI, and NSA, have also highlighted similar activities by China-linked groups like Volt Typhoon, which compromise IT systems across multiple critical infrastructure sectors to gain stealthy, persistent access and leverage. These attacks are often designed not for immediate chaos but to build future options for disruption or data theft. Federal efforts, including CISA's "Shields Up" guidance and the Cyber Incident Reporting for Critical Infrastructure Act of 2022, aim to enhance cybersecurity vigilance and reporting from the largely privately-owned critical infrastructure sector. However, challenges persist due to uneven resources and incentives, making public-private partnerships crucial for defense against state-linked cyber threats.