- Pro-Iran hackers are attacking major U.S. corporate and digital infrastructure.
- These groups publicly claim credit and vow more attacks over U.S. foreign policy.
- A recent attack crippled a major corporation by wiping employee devices remotely.
- Hackers have claimed, without verification, a deadly industrial explosion on U.S. soil.
- This marks a dangerous shift toward disruptive economic and hybrid warfare.
A new front in the ongoing Middle East conflict has opened in cyberspace, and American businesses and infrastructure are directly in the crosshairs. Pro-Iran hacking groups are claiming responsibility for a series of disruptive cyberattacks against major U.S. targets, including Microsoft 365 services, websites affiliated with President Donald Trump, and an American bank. These groups have vowed to ramp up their offensive, explicitly citing U.S. foreign policy as their motivation and signaling a dangerous escalation in digital warfare.
The activity is widespread and brazen. The "Islamic Cyber Resistance in Iraq – 313 Team" has been particularly vocal, claiming last week to have temporarily knocked the donaldjtrump.com website offline. "In the coming days we will target all companies affiliated with US President Trump," the group declared. They followed through by asserting responsibility for an outage at U.S.-based Commerce Bank and, most significantly, for a major disruption to Microsoft 365 servers. "We launched a cyberattack targeting Microsoft 365 servers, completely shutting down the website," the 313 Team posted, although Microsoft stated it identified and resolved an underlying infrastructure issue.
A collective vow for more attacks
These incidents are part of a coordinated campaign. An allied collective, the Cyber Islamic Resistance, echoed the threats, posting that "a new target has been set in stone" and showing a screenshot of an error involving Microsoft's Azure service. "We will continue to target other U.S companies due to Trump’s actions in the middle east," the group stated. The rhetoric is matched by action, including fundraising appeals on Telegram channels to bolster their hacking infrastructure. "Your contribution — even if just one dollar — is not charity but a stance and declaration of defiance," one appeal read.
Separately, a chilling and unverified claim has emerged from another faction. A group called APT IRAN, which has a history of targeting industrial control systems, claimed responsibility for a deadly explosion at a Horizon Biofuels plant in Fremont, Nebraska, in July 2025. The blast killed 32-year-old Dylan Danielson. "In our last attack on an industrial site in the US... one person was killed," the group stated, offering no proof beyond a video of the explosion. If verified, this would mark a catastrophic leap from data disruption to real-world physical destruction and loss of life on U.S. soil.
The shift to destructive disruption
This cyber offensive aligns with a concerning shift in tactics. For years, Iranian-linked hackers have been known for destructive "wiper" attacks designed to erase data, such as the 2012 attack on Saudi Aramco. Recently, their campaigns have involved espionage and low-level website defacements. However, a significant attack on Michigan-based medical technology giant Stryker this month indicates a move toward highly disruptive actions against corporate operations. Hackers believed to be from the "Handala" group, linked to Iran, reportedly gained access to Stryker's Microsoft Intune device management system and used legitimate administrative tools to remotely wipe employee smartphones and laptops back to factory settings, crippling internal communications.
The Stryker incident demonstrates how hackers can weaponize everyday business software. It also shows that the battlefield is no longer confined to government networks or defense contractors. The targets are now mainstream American corporations that form the backbone of the economy and critical infrastructure, from medical technology to cloud computing services. The parallel threats against physical offices of companies like Google and Microsoft in Qatar, which led to evacuations and missile intercepts, underscore that this is a hybrid campaign blending digital and kinetic intimidation.
Historically, the U.S. has faced persistent cyber threats from state actors, but the current wave is notable for its public, taunting nature and its direct linkage to geopolitical grievances. The hackers are not hiding; they are publicly taking credit, issuing threats, and fundraising in plain sight on social media platforms. This represents a bold challenge to American cyber defenses and corporate resilience.
The ultimate goal appears to be inflicting economic cost, creating a sense of vulnerability and eroding confidence in the digital systems that underpin daily life and commerce. As these pro-Iran groups continue to promise more attacks, the situation demands a sober recognition that the tools of modern conflict extend far beyond bombs and bullets. In today's wars, a keyboard can be as consequential as a command center.
Sources for this article include:
Please contact us for more information.