
US-Israel, Iran Cyberwarfare: Iran Attacks

Bola Ogbara

Continuing a cyber-enabled war, Iran-linked hackers respond to US-Israel attacks with hacks on Israeli cameras, the FBI Director, and Lockheed Martin.

Since the United States-Israel war on Iran started, there has been more reliance on cyberwarfare to make critical attacks. From the February 28th attacks, the US Cyber and Space Cyber Command have worked together to stop communication networks during operations, while other hackers targeted news sites and even a religious calendar app. Almost immediately after the US-Israel attacks, there was an uptick in hacktivist (politically-motivated hacking) activity, triggering the United Kingdom’s National Cyber Security Centre (NCSC) to release an alert asking organizations to improve their cybersecurity in preparation. As the war on Iran escalates without a clear end in sight, there has also been an escalation of war-related cyberattacks on a global level.

 

Street cameras have proven to be valuable targets for hackers seeking specific individuals. In one case, the infamous “El Chapo” drug cartel hired a hacker to find ‘people of interest’ who visited the US Embassy frequently and were suspected of possibly helping the FBI or other investigators. By reviewing cellphone data and Mexico City’s camera systems, the hacker tracked down people who could have served as witnesses, which led to these individuals being intimidated or even killed to prevent the spread of information. In the February 28th attacks on Iran, Israel also hacked surveillance cameras to find and kill Iran’s former leader, Ayatollah Ali Khamenei. The feat was likely aided by the tens of thousands of street cameras that Iranian officials had installed as an answer to the sweeping protests against the government.

 

Security experts have repeatedly pointed out that many cameras have serious vulnerabilities that lend themselves to being compromised. San Jose security researcher Paul Marrapese once uncovered a critical vulnerability in millions of cameras in his work on camera security. Marrapese described why cameras have been and will continue to be targeted: “Cameras are sort of perfect. It’s not only a foothold in the network but you have microphones; you have video. You can, a lot of times, even view previous footage.” It’s common for camera systems to use peer-to-peer (P2P) connections and unique identifiers (UIDs), but this allows for unrestricted access to other cameras in the network as long as the hacker has the UIDs. Even government systems, which typically have more security, can still be breached once an attacker gets onto the private network.

 

A couple of weeks after Israel’s camera hack, hackers associated with Iran also compromised about 50 public cameras in Israel, alongside hacks on 50 small Israeli companies. According to the director-general of the Israel National Cyber Directorate, Yossi Karadi, the camera breaches were challenges for security personnel but were quickly addressed. The quick resolution may have been achieved with earlier preparation, since Israel had sounded the alarm about Iran using surveillance cameras to spy last year. Karadi similarly shared that Iran-linked hackers destroyed the data of companies that already had cybersecurity vulnerabilities, but most companies did not need a lot of time to recover.

 

Iran-linked hackers have been active in the US, too. Kash Patel, the Director of the FBI, had his old personal email account hacked by Handala. The contents, including an old resume and pictures of him with rum, smoking cigars, and riding in a convertible, were published online. Handala also claimed responsibility for the March 11 cyberattack on Stryker, a medtech company, that took three weeks to recover from. Another group, APT Iran, claims to have stolen 375 terabytes of data from Lockheed Martin, including Israeli employee information.

 

More cyberattacks from Iran and hackers in support of Iran may be expected in the near future. On March 31st, 2026, Iran’s Revolutionary Guard named nearly twenty tech companies (including Nvidia, Apple, Microsoft, Google, Cisco, HP, Intel, Oracle, IBM, Dell, Palantir, JPMorgan, Tesla, GE, Spire Solutions, Boeing, G42) as organizations that they now consider to be “legitimate targets” for retribution. In a Telegram channel, the IRG threatened, “From now on, for every assassination, an American company will be destroyed.” One ransomware-as-a-service (RaaS) operator, Pay2Key, is also reportedly increasing the profit share from 70% to 80% for affiliates who successfully attack “enemies” of Iran, like the US and Israel.

 

The true threat level of these cyberattacks is not entirely clear. The hack on Patel’s email did not include any information related to the FBI, and the claims about the Lockheed Martin hack are also unverified. Cynthia Kaiser, Halcyon’s senior vice president of ransomware research and a former deputy assistant director at the FBI’s cyber division, pointed out that hack claims can be exaggerated: “You’ve seen Handala do this a lot … it’s a mixture of lies and real attacks, making it hard to parse out what’s exactly happening. But if the ultimate aim is showing you can retaliate—either for an internal Iranian audience or for those whose activity you’re trying to dissuade—going public is important.”

 

In any case, the US will likely need to prepare for more highly public attacks. On April 1st, 2026, Trump gave a national address on Iran and shared that the US would continue to attack “extremely hard over the next two to three weeks.” In response, Iran has also threatened “crushing, broader, and more destructive” attacks. In a war that is increasingly fought in the cyber domain, this seems to guarantee monumental hacks. At the same time, the Department of Homeland Security (DHS) shutdown has led the Cybersecurity and Infrastructure Security Agency (CISA) to furlough 60% of its already minimized workforce. Hopefully, the shutdown comes to an end before any serious cyberattacks occur.