An in-depth look at major cybersecurity threats including North Korean supply chain compromises, a critical Chrome zero-day exploit, and Qilin ransomware


On 28 February 2026, coordinated military strikes involving the United States and Israel targeted locations in Iran. Iran's Supreme Leader, Ayatollah Ali Khamenei, was killed in the strikes, after which Iran launched retaliatory actions including missile attacks across the region. The operations were codenamed Operation Roaring Lion (Israel) and Operation Epic Fury (US), targeting Iranian leadership compounds, IRGC facilities, and nuclear-related infrastructure.
The Iranian strategy appears to have been to inflict as much economic disruption as possible, with the closure of the Strait of Hormuz and the targeting of Gulf states causing significant impact to the regional and global economy.
The past week has seen a significant uptick in Iranian-linked offensive cyber operations within the region. However, Europe has begun to see the spillover effects.
The cyber-attack on Jaguar Land Rover in September 2025 showed the economic disruption that a single event could cause, costing the company an estimated £1.5 billion, and the UK’s Gross Domestic Product was negatively impacted in Q3 as a result.
In December 2025, the NCSC's National Cyber Risk Assessment identified the dynamic geopolitical environment as a systemic threat to Ireland. While the initial focus was weighted toward the Ukraine conflict, particularly as Ireland prepares to host the EU Presidency later this year, the digital horizon has shifted abruptly toward the Middle East.
Several European countries have issued alerts warning organisations to review their cyber posture. It is assessed as likely that politically motivated actors may attempt to disrupt logistical hubs and US economic interests.
Today’s claim by the threat actor Handala that it was responsible for the disruption reportedly ongoing at the medtech company Stryker indicates a further widening of the conflict in the cyber domain.
Handala is a pro-Palestinian hacktivist group widely believed to operate within the broader ecosystem of Iran-aligned cyber collectives. The group has previously conducted operations targeting Israeli government, defence, and commercial organisations, frequently combining website defacements, data leak claims, and disruptive cyber activity. Handala often uses social media and messaging platforms to publicize alleged breaches and amplify its campaigns, a tactic commonly used by hacktivist groups to generate political messaging and psychological impact alongside technical operations.
This conflict is likely to continue to develop in unexpected ways, and the UK Prime Minister is due to visit Cork tomorrow. Ireland’s traditional geographical advantage on the edge of Europe is no longer as significant in the era of grey zone operations.
Smarttech247 are currently monitoring a global surge in destructive cyber activity attributed to the threat group Handala. Unlike traditional ransomware, which encrypts files for profit, these attacks are purely destructive. The group is leveraging compromised administrative credentials to gain access to central management portals, specifically Microsoft Intune and Entra ID, to trigger mass "Remote Wipe" commands across entire corporate fleets.
Attackers are not hijacking individual laptops. Instead, they are hijacking high-privilege accounts (L1-L3 Admins or Global Admins) to use legitimate IT tools to factory reset devices. This affects Windows laptops, macOS devices, and mobile phones. For mobile devices, the attackers are often choosing the option to delete eSIM data, which severs the device's cellular connection and prevents users from receiving multi-factor authentication codes.
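A defender-side check for the pattern described above, as an added example that is not from Smarttech247 or Microsoft: it flags any single account that wipes many distinct devices within a short window. The record schema, the `wipe` action label, the threshold and the sample events are all assumptions constructed for illustration; map them from your own Intune audit export.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records in an assumed, simplified schema. Map the real
# fields of your audit export onto time / actor / action / device.
SAMPLE_EVENTS = [
    {"time": "2026-03-11T09:00:00", "actor": "helpdesk1@example.test", "action": "wipe", "device": "LT-0001"},
    {"time": "2026-03-11T13:30:00", "actor": "helpdesk1@example.test", "action": "wipe", "device": "LT-0002"},
    {"time": "2026-03-11T14:00:05", "actor": "admin7@example.test", "action": "sync", "device": "LT-0100"},
] + [
    {"time": f"2026-03-11T14:01:{i:02d}", "actor": "admin7@example.test",
     "action": "wipe", "device": f"LT-{100 + i:04d}"}
    for i in range(12)
]

WIPE_ACTIONS = {"wipe"}  # assumed label for the remote wipe action


def find_wipe_bursts(events, threshold=10, window=timedelta(minutes=10)):
    """Return one alert per actor whose distinct wiped devices inside any
    sliding `window` reach `threshold`."""
    recent = defaultdict(deque)  # actor -> (time, device) pairs still in window
    alerts = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["action"] not in WIPE_ACTIONS:
            continue
        ts = datetime.fromisoformat(ev["time"])
        q = recent[ev["actor"]]
        q.append((ts, ev["device"]))
        while q and ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        devices = {d for _, d in q}  # repeated wipes of one device count once
        if len(devices) >= threshold:
            prev = alerts.get(ev["actor"])
            alerts[ev["actor"]] = {
                "actor": ev["actor"],
                "first_seen": prev["first_seen"] if prev else q[0][0],
                "devices": max(len(devices), prev["devices"] if prev else 0),
            }
    return list(alerts.values())


if __name__ == "__main__":
    for alert in find_wipe_bursts(SAMPLE_EVENTS):
        print(alert)
```

Set the threshold from your normal helpdesk wipe volume so that routine single-device resets, like the two spaced-out wipes in the sample, stay below it.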
