Pro-Iranian hackers have escalated cyberattacks against US targets and regional infrastructure since a conflict began February 28, cybersecurity experts and officials report. The attacks raise concerns about potential disruptions to American defense contractors, power stations, water plants and other critical facilities.

Hackers supporting Iran claimed responsibility for a cyberattack Wednesday against Stryker, a Michigan-based medical device company. A group called Handala said the attack was retaliation for suspected US strikes. Since the conflict began, Iranian-linked hackers have also attempted to penetrate surveillance cameras in Middle Eastern countries to improve missile targeting, and have targeted data centers, industrial facilities in Israel, a school in Saudi Arabia and an airport in Kuwait.

Cybersecurity firm researchers warn that US defense contractors, government vendors and businesses working with Israel are likely targets going forward. Critical infrastructure including hospitals, ports, water treatment plants, power stations and railways face heightened risk. Pro-Iranian hackers have openly discussed plans on messaging platforms, including targeting data centers they describe as hosting US military communication systems.

Experts say Iranian hackers and allied groups are likely to focus on vulnerable targets such as local water plants and healthcare facilities that may lack resources for robust cybersecurity measures. Common attack methods include denial-of-service attacks that jam networks, website defacements, and hack-and-leak operations threatening to release stolen data.

Researchers at cybersecurity firm CrowdStrike detected increased activity from Russian hackers supporting Iran since the conflict began. A group called Z-Pentest claimed responsibility for disrupting several US networks, including closed-circuit video camera systems. Polish authorities are investigating a cyberattack on a nuclear research facility that may have Iranian connections.

Iran has invested heavily in offensive cyber capabilities while cultivating relationships with hacking groups. In recent years, Iranian-linked hackers have infiltrated Trump campaign emails, targeted US water plants, and attempted to breach military and defense contractor networks. Cybersecurity officials describe Iran as a "chaos agent" that compensates for limited resources through creative tactics aimed at causing maximum disruption.