‘Prepare for the destruction of your infrastructure’: Hackers vow retaliation as Iran takes cyber hit

Iran was hit by an expected cyber onslaught in addition to missiles today as threat actors supporting the Islamic Republic warned Iran’s foes to “prepare for the destruction of your infrastructure” in eminent “massive” cyberattacks.

Given recent reporting on the United States using offensive cyber capabilities in an unprecedented manner to capture Venezuelan leader Nicolas Maduro, Iran was expected to assess its defenses as the U.S. military buildup in the Gulf region intensified and negotiations over the Islamic Republic’s nuclear program reached an impasse.

FAD Team, a pro-Iran hacking group, said in an official statement posted last weekend that they were engaged in “a phase of extreme technical mobilization and silent effort in the most delicate cyber fields,” according to a translation.

The team said it had been doing vulnerability assessments on “strategic sensitive sites and platforms” including the official website of Iran’s supreme leader, Ayatollah Ali Khamenei, the sites of Iran-backed Shiite militias and “dozens of other vital sites.”

The Wall Street Journal and social media users reported that BadeSaba Calendar, a Muslim prayer time app, had its push notifications hacked to send messages to Iranians urging resistance and defections, claiming that those working for the regime would receive amnesty if they surrender.

Iran’s semi-official Fars news agency reported that cyberattacks targeting Iran in conjunction with today’s kinetic strikes included disruptions to several news agencies in the country. The Jerusalem Post reported that large-scale Israeli cyberattacks against critical infrastructure, official news sites and security communications systems caused “an almost complete digital fog” that “was described as unprecedented in scale, combining electronic warfare that disrupted navigation and communications systems with denial-of-service attacks (DDoS) and deep intrusions into data systems tied to the country’s energy and aviation infrastructure.”

But it’s not just about putting Iran on defense. Iran and its proxies are ramping up their own offensive cyber ops, as expected.

CyberKnow, which posted a translation of the FAD Team statement and tracked the allegiances of hacking groups during the 12-day conflict in 2025 between Iran and Israel, predicted on Feb. 18 that “if the U.S. does launch strikes on Iran we can expect pivots across the hacktivist landscape to likely support Iran.”

Today, CyberKnow launched a new Cybertracker with initial known threat-actor allegiances – as of this posting at seven anti-Iran groups and 28 pro-Iran groups, numbers expected “to increase as the conflict increases.” At one point during the 2025 conflict, the Cybertracker identified 105 non-state coalitions supporting Iran, 15 anti-Iran groups and 10 cyber collectives that identified as pro-Israel. As tensions cooled, some groups were seen returning to their non-related, customary targets.

Cybersecurity firm Radware reported during the 2025 conflict a 700% spike in cyberattacks — including attempts to breach critical infrastructure — against Israel shortly after the initial news broke of Israel’s initial strikes on Iran.

The Iranian hacking group Handala was actively pursuing targets then, including claiming breaches of Israeli companies.

Shortly after today’s U.S. and Israeli strikes on Iran, Handala vowed swift retribution.

“The beginning of massive cyber attacks in the coming hours… We have no red lines for the traitors of the region,” the pro-Iran hacking group Handala posted on X today. “Prepare for the destruction of your infrastructure.”

“Hello Jordan… The destruction of cyber infrastructures is currently underway,” the pro-Iran hacking group Handala posted a few hours later. “Additional information coming soon.”

The group also posted an earlier threat against the United Arab Emirates. “The UAE has committed serious acts of betrayal,” Handala said. “Soon, instead of prosperity, the Emirates will be left riding camels once again. We advise Europeans not to even consider traveling to the deserts of the UAE for the next 12 hours.”

Handala, along with some official Iranian government accounts, used the hashtag #HARD_REVENGE on X. The hacking group claimed earlier in the week that it had breached Israel’s largest healthcare network, Clalit.

Sylhet Gang-SG declared on its Telegram channel Friday that “we are fully ready for any coming cyber war.”

“We call Arab, Indonesian, Malaysian, Saheli, Somalian, Afghani, Pakistani, Bangladeshi, Albanian, Bosnia, Turks Hacker teams to Launch Collective Cyber Operations against America and Israel,” they posted after news broke of the strikes early today.

DieNet, a pro-Palestinian hacking group that has claimed DDoS attacks against multiple U.S. critical infrastructure sectors over the past several months, posted on Telegram this morning, “Within hours our servers will be ready to strike Gulf targets Because of her excessive cooperation with the United States.”

German hacker and tech figure Kim Dotcom, who has 1.7 million followers on X, posted on Friday evening, “Hackers of the world. Unite for Iran if the US attacks.”

The threat of retaliation against critical infrastructure isn’t just in the cyber realm. The New York Police Department said that “out of an abundance of caution, we will be enhancing patrols to sensitive locations throughout the city, including diplomatic, cultural, religious and other relevant sites.” The department urged people to be vigilant and report any suspicious activity.

John Hultquist, chief analyst at Google Threat Intelligence Group, cited the NYPD statement as he posted on X, “I am a cyber person and only did a tiny bit of CT a very long time ago but I would argue without hesitation that the most serious threat from Iran is not cyber.”

FBI Director Kash Patel said in a social media statement that counterterrorism and intelligence teams are “on high alert” and were working “to address and disrupt any potential threats to the homeland.”

This is a developing story and will be updated as needed