The Iranian hacker group Handala last month breached the networks of Stryker, a medical technology company based in Michigan, wiping data and disabling thousands of devices, including some used by emergency workers. On its website, Handala boasted that the attack was “only the beginning of a new era of cyberwarfare.”
But this new era looks a lot like the old one. Despite hype about a digital Pearl Harbor attack or a cyber-9/11, the reality of cybersecurity is prosaic. Iran has carried out cybercrime, digital propaganda and minor disruptions, which are normal features of conflicts these days. Despite reports of Iran coordinating malware and disinformation with missile strikes, it has not yet inflicted serious damage via cyberwarfare alone. Much as Russia’s cyberarsenal was overestimated before the invasion of Ukraine, Iran’s cyberattacks have been underwhelming so far.
This is puzzling. The 2025 Annual Threat Assessment of the U.S. intelligence community found that “Iran’s growing expertise and willingness to conduct aggressive cyberoperations make it a major threat to the security of U.S. networks and data.” Several hacking teams sponsored by Iran’s military and security apparatuses, including Handala, have been probing America’s critical systems for years. If ever there was a time for Iran to cash in on its expertise, a war for the very survival of its regime should have been it.
It is possible that we have not heard about Iranian cyberattacks because they remain undetected or unreported. However, unobserved activity is more likely to be espionage — important, but less immediately destructive — rather than disruption, which is harder to hide. Perhaps Iranian hackers were, by the time a cease-fire was announced on Tuesday, quietly preparing to launch a big attack.
Yet observed cyberattacks like the Stryker breach appear to be quick and dirty rather than carefully coordinated operations. A U.S. Joint Cybersecurity Advisory released Tuesday said that Iranian attacks had “resulted in operational disruption and financial loss” in a few cases, but these were mainly opportunistic hacks of unprotected devices. While it is impossible to rule out surprises, the haphazard hacking that we do see probably reflects reality. Even if its digital spies are working quietly, Iran’s cyberwarfare thus far does not inspire confidence that it is good at this, in the open or behind the scenes.
A more likely possibility is that Iran’s capacity for cyberwarfare is overrated, degraded or both. The United States and Israel aggressively targeted Iranian cyberunits and operatives during the war. Israel said it had killed the Islamic Revolutionary Guards Corps spy chief and bombed the cyber- and electronic headquarters. U.S. Cyber Command is almost certainly conducting counteroperations. Hackers who are confused, paranoid or incapacitated will not excel at cyberwarfare.
cyberwarfare is neither cheap nor easy. Success requires connections to vulnerable infrastructure and sophisticated technical organizations. The United States and Israel have years of experience integrating cyberwarfare into military operations. Israel reportedly hacked Iranian security cameras to track and target senior Iranian commanders. U.S. Cyber Command disrupted and blinded Iranian forces in the early days of the war, officials have claimed.
When it comes to cyberwarfare, Iran has not been competing in the same league as the United States and Israel. In the Stryker hack, Handala found an open door in the company’s network and managed to disrupt the civilian health care system. Iranian disruption of programmable logic controllers was detected and fixed. Iran has also hacked street cameras, railway monitors and some businesses in Israel, and it may have infiltrated a nuclear research center in Poland. While these attacks caused some harm, none of them seem to be part of a coherently coordinated campaign.
Iran’s relative disadvantage in cyberwarfare may not matter much in the long run. Iran’s missile and drone attacks on Persian Gulf states and its closing of the Strait of Hormuz were far more destabilizing than its cyberwarfare has been and seem to have given it the ability to win relatively favorable terms in the recent cease-fire. If combat resumes, the United States and Israel may find it harder to repeat their early successes as Iran shores up its defenses and adapts. Cyberwizardry cannot perform strategic miracles — and it certainly cannot rescue governments from political blunders.
Jon R. Lindsay is the author of “Age of Deception: Cybersecurity as Secret Statecraft” and an associate professor of cybersecurity and international affairs at the Georgia Institute of Technology.
The Times is committed to publishing a diversity of letters to the editor. We’d like to hear what you think about this or any of our articles. Here are some tips. And here’s our email: [email protected].
Follow the New York Times Opinion section on Facebook, Instagram, TikTok, Bluesky, WhatsApp and Threads.
The post Iran Is Losing the Cyberwar, Not the Real War appeared first on New York Times.
