The Islamic Republic of Iran Attacks U.S. and Allied Critical Infrastructure

Iranian hackers are targeting industrial equipment and causing operational disruptions to multiple types of critical infrastructure, warned the U.S. government on April 7. Despite the ceasefire announced later that day, Tehran’s state-backed cyber operators and pro-regime hackers continue to threaten America and its allies. “Our cyber jihad is the extension of our martyrs’ blood, and it will go on until full vengeance is achieved,” pledged one state-backed group. Another warned that its operations against Israel continue “at full force.” Meanwhile, during the 39 days of the war, Tehran’s military conducted a sustained campaign of kinetic strikes on U.S. and allied civilian critical infrastructure, including systems vital for public health and safety. Even as the drone and missile strikes subside, Tehran’s intent to disrupt and destroy commercial systems remains clear.

Cyber and Kinetic Attacks on Public Health and Safety

March 3: Wheat silos, Jordan

Pro-regime hackers targeted the electronic control systems of Jordan’s national wheat silos in an attempt to disrupt food supply chains. Jordanian cybersecurity teams mitigated the attack before damage occurred.

March 11: Medical device manufacturer, United States

Handala, an Iranian Ministry of Intelligence and Security front group, executed a destructive wiper attack against Stryker Corporation, a Fortune 500 medical technology company. Attackers remotely deleted data from more than 200,000 employee devices and claimed to have stolen 50 terabytes of data. The attack forced the company to take down its electronic ordering and shipping systems for nearly two weeks, creating supply chain disruptions at hospitals nationwide. Stryker disclosed in a subsequent SEC filing that surgeries had to be postponed due to delivery delays.

March 28: Water utilities, United States

Handala threatened to attack U.S. water infrastructure if U.S. airstrikes continue. A week prior, the group had posted maps of Israeli water and electric infrastructure to signal that Iran can conduct cyberattacks and military strikes against these systems.

March 29-30: Desalination plant, Kuwait

Iranian drones struck a power and water desalination plant in Kuwait, killing one worker and causing significant damage to a service building. Kuwaiti authorities stated that nationwide electricity and water operations remained stable. The strike nonetheless highlights an acute vulnerability: Kuwait relies on desalination for approximately 90 percent of its drinking water, and any sustained disruption to its network of plants could have immediate, severe consequences for the civilian population.

Kinetic Attacks on Digital Infrastructure

March 2: AWS data centers, UAE

Iranian drones struck two Amazon Web Services (AWS) data centers in the United Arab Emirates (UAE), directly hitting both sites and causing service outages across the region. This was the first confirmed military attack on a hyperscale cloud provider. Strikes caused structural damage and triggered fire suppression systems that produced additional water damage. The outages cascaded across multiple core AWS services and spread to a wide range of consumer-facing businesses. Major UAE banks, including Emirates NBD, and First Abu Dhabi Bank reported disruptions to mobile banking apps and phone services. Payments platforms Alaan and Hubpay went offline, and ride-sharing and delivery giant Careem reported outages.

March 24-25: AWS, Bahrain

Iranian drone activity caused a second wave of AWS outages in Bahrain, the second such incident within a single month, forcing customers to shift workloads to other regions.

April 1: Batelco headquarters, Bahrain

Iranian missiles struck the headquarters of Batelco, Bahrain’s largest telecommunications company. The facility hosts critical AWS infrastructure. Bahrain’s Interior Ministry confirmed that civil defense teams were deployed to extinguish a fire at the site. Bahrain’s AWS operations were reportedly damaged in the strike. Iran had publicly threatened to target U.S. companies the day prior, including Amazon, Microsoft, Google, Boeing, and JPMorgan Chase.

April 2: Oracle data center, UAE

The Islamic Revolutionary Guard Corps (IRGC) navy claimed responsibility for a strike on Oracle’s data center and information infrastructure in Dubai. Dubai’s Media Office denied the claim, calling the reports “fabricated and incorrect,” and no independent confirmation has emerged. A Bellingcat investigation published the same day found that the UAE has a documented pattern of downplaying or denying successful Iranian strikes.

April 3: OpenAI data center, UAE

The IRGC threatened to strike a data center in Abu Dhabi that OpenAI is currently constructing. The data center is part of a larger project with American companies Oracle, Nvidia, and Cisco, and Japanese investment company SoftBank. An IRGC spokesman warned that all U.S. and Israeli information and communications technology “shall face complete and utter annihilation.”

April 6-7: Telecommunications facilities, UAE An Iranian drone struck a telecommunications building operated by Emirati provider “du” in Fujairah on April 6. The following day, an Iranian ballistic missile struck an administrative building belonging to Thuraya Telecommunications Company in Sharjah, injuring two civilians.

Cyber and Electronic Attacks on Transportation, Energy, and Finance

(For a full list of kinetic attacks on energy and transportation infrastructure, see FDD’s tracker of Islamic Republic of Iran attacks on its Arab neighbors.)

February 28-March 12: GPS spoofing and jamming

Beginning within 24 hours of the first U.S.-Israeli strikes on Iran, Iran conducted a large-scale GPS spoofing and jamming campaign across the Persian Gulf, Strait of Hormuz, and Gulf of Oman. A maritime intelligence firm logged more than 1,100 vessels experiencing navigation interference within the first 24 hours alone. This rose by 55 percent the following week. By March 3, another maritime intelligence firm had recorded 1,735 GPS interference events affecting 655 vessels. Ships’ reported positions were displaced onto airports, inland locations, and over a nuclear power plant. Some tankers were forced to reverse course or “go dark” by switching off their tracking signals. Combined with Iran’s military threats, the spoofing and jamming slowed and at times halted traffic through the Strait of Hormuz, which handles approximately 20 percent of the world’s oil and natural gas shipments, creating hazardous navigation conditions for an estimated 40,000 seafarers.

March 1: Jordanian and Israeli energy infrastructure

Iranian hacker groupHandala claimed to have successfully compromised fuel distribution systems in Jordan and an Israeli energy exploration company. Over the next four weeks, the group and pro-regime hacktivists asserted on multiple occasions that they had compromised Israeli, Jordanian, and others’ critical infrastructure.

March 1-5: Kuwait International Airport

Iran-linked hacktivist group DieNet claimed to have successfully compromised Kuwait International Airport’s systems as part of a broader campaign targeting Kuwaiti government and infrastructure networks.

March 12: American banks

The IRGC military command in mid-March called for strikes on American and Israeli banks. The threats occurred following a reported missile strike on a digital security center serving Bank Sepah, one of Iran’s largest state-owned banks. The United States had previously sanctioned Sepah for its role financing Iran’s Ministry of Defense.

April 7: U.S. critical infrastructure

For at least the past month, Iranian-affiliated operatives exploited internet-connected operational technology across multiple U.S. critical infrastructure sectors, including water, energy, and government services, according to a U.S. government cybersecurity alert. Attackers manipulated industrial control systems, resulting in operational disruptions.

Annie Fixler is the director of the Center on Cyber and Technology Innovation (CCTI) and senior fellow at the Foundation for Defense of Democracies (FDD). Aarushi Garg is a CCTI intern. For more analysis from the authors and CCTI, please subscribe HERE. Follow FDD on X @FDD and @FDD_CCTI. FDD is a Washington, DC-based, nonpartisan research institute focusing on national security and foreign policy.