Iran Cyber Update: Increasing Threats

The US-Israel military operations against Iran that commenced on February 28 represent a significant escalation in hostilities that carries substantial cyber risk for US public and private sector organizations. Iran has demonstrated the capability and willingness to employ cyber operations as a tool of asymmetric retaliation. The NJCCIC is monitoring the activity of various state-sponsored and hacktivist threat actor groups aligned with Iran and its proxies.

Cyber threat activity appears to have increased over the last week. On March 11, the Iran-linked cyber threat group Handala claimed responsibility for a cyberattack against Stryker, a US-based global medical technology company. The cyberattack disrupted the company’s network, forcing Stryker offices in 79 countries to shut down. Handala claims that 200,000 systems, servers, and mobile devices have been wiped and that 50 terabytes of critical data were extracted, though these specific claims have not been confirmed by Stryker. Handala stated that the cyberattack was in retaliation for a February 28 missile strike that hit an Iranian school and killed at least 175 people, mostly children. The group has made claims against additional organizations; however, these have not yet been verified.

Iran-affiliated threat groups may conduct distributed denial-of-service (DDoS) attacks, website defacements, wiper malware and ransomware attacks, and other operations in support of Iran and/or against the US and Israel. Historically, Iran-affiliated cyber threat actors have targeted organizations via phishing campaigns and exploited vulnerabilities in edge devices, such as firewalls. While no specific or credible threat to New Jersey’s public and private sector cyber assets has been identified at this time, constant monitoring and heightened vigilance are required. The NJCCIC will continue to monitor the situation and produce subsequent situational reports as warranted if changes in attack vectors, targets, or impacts occur, especially those related to New Jersey.