Iran war cyberattacks hit global firms

A wave of cyber operations has become a visible front in the Iran war, with attacks now spilling into private companies and civilian infrastructure far from the battlefield. Euronews reports that the Iran-linked group Handala claimed it used Microsoft’s Intune management platform to remotely wipe more than 200,000 devices across 79 countries, after employees at US medical-technology firm Stryker found the group’s logo on internal login pages. Stryker confirmed a cyberattack disrupted its global network, while details of the damage and recovery timeline remain unclear.

The reporting sketches a conflict where “kinetic” strikes and digital sabotage are increasingly treated as the same supply chain problem: sensors, communications, logistics, and industrial control systems. A CloudSek report cited by Euronews describes multiple Iranian state-connected groups targeting US critical infrastructure, including industrial control systems that run water treatment plants, power grids and manufacturing lines. The techniques described are not exotic: logging into industrial machines with default passwords; spraying common passwords against accounts at energy companies; and using “initial access brokers” to harvest credentials and sell them onward to other attackers. When the entry cost is a default password, the expensive part is not the hack; it is the downstream cost of restoring operations, documenting compliance, and explaining outages to regulators and customers.

The same dynamic appears on the other side. According to Euronews, US Cyber Command was described by America’s top military officer, General Dan Caine, as among the “first movers” in Operation Epic Fury, disrupting Iranian communications and sensor networks. US Defence Secretary Pete Hegseth also said the US is using AI and cyber tools as part of the campaign. The public gets broad claims and selective detail, while the operational reality is increasingly outsourced to specialised units and contractors whose budgets expand when the “war” is defined as a permanent condition rather than a discrete campaign.

For European governments, the immediate exposure is not only higher energy prices and shipping risk; it is the administrative tail that follows any declared emergency. Cyber incidents tied to a hot war invite rapid procurement, expedited exemptions, and “temporary” rules for data sharing and critical-infrastructure mandates. Once introduced, those tools are difficult to unwind because they create constituencies: vendors who sell monitoring and incident-response services; agencies that gain new powers; and ministries that can reframe domestic policy as continuity planning.

Stryker’s IT environment, attacked via tools designed for corporate device management, is a reminder that the modern battlefield runs through ordinary software consoles. When a hospital supplier’s network becomes a war target, the line between national security and routine corporate administration is no longer a line at all.