Operation Epic Fury didn’t start with bombs. It started with cyber.
According to U.S. Joint Chiefs of Staff chair Gen. Dan Caine, before the first U.S. bombs started falling on Iran on Feb. 28, operators at U.S. Cyber Command and Space Command had already launched what he called “non-kinetic effects, disrupting and degrading and blinding Iran’s ability to see, communicate, and respond.”
Operation Epic Fury didn’t start with bombs. It started with cyber.
According to U.S. Joint Chiefs of Staff chair Gen. Dan Caine, before the first U.S. bombs started falling on Iran on Feb. 28, operators at U.S. Cyber Command and Space Command had already launched what he called “non-kinetic effects, disrupting and degrading and blinding Iran’s ability to see, communicate, and respond.”
It’s not the first time this administration has used offensive cyberoperations: U.S. President Donald Trump suggested that they had been used to create blackouts in Venezuela in January before the U.S. military seized Venezuelan leader Nicolás Maduro. Caine also acknowledged that Cyber Command and Space Command had created “different effects” in support of the Venezuela operation, without revealing what those effects were.
It’s not even the first time the administration has used such capabilities against Iran, as Caine revealed last June that U.S. Cyber Command had “supported” strikes against three Iranian nuclear facilities that month. That reportedly included cyberweapons that disrupted Iran’s missile defense systems (the Pentagon declined to comment further on its use of cyber).
The Trump administration’s long-anticipated national cyber strategy, released on March 6, touted both of those operations. “Whether … supporting a globe-spanning operation to obliterate Iran’s nuclear infrastructure, or leaving our adversaries blind and uncomprehending during a flawless military operation to bring international narco-terrorist Nicolas Maduro to justice, adversaries are on notice that America’s cyber operators and tools are the best in the world and can be swiftly and effectively deployed to defend America’s interests,” the strategy said, going on to lay out a six-pillar doctrine that starts with the intent to “shape adversary behavior” by using “the full suite of U.S. government defensive and offensive cyber operations.”
U.S. National Cyber Director Sean Cairncross, speaking at a conference in Washington on Monday, described that first pillar as the “single most important piece” of the strategy. “We need to reset the risk calculus across the seas on actors who are seeking to do us harm,” he said.
Offensive cyberoperations are not new to the United States. In fact, one of the most famous examples also involves Iran, where the United States and Israel are believed to have used a jointly developed cyberweapon called Stuxnet in the 2000s to target Iran’s nuclear facilities (both countries have denied doing so).
Publicly acknowledging those offensive cyberoperations, let alone openly boasting about them, is “definitely a new kind of development,” according to Lauryn Williams, who served as the director for strategy in the White House Office of the National Cyber Director and led its strategic initiative on space system cybersecurity in the Biden administration. “Pairing that kind of declaratory public messaging approach that senior officials have with what we saw in the national cyber strategy is a thematic shift from the Trump administration that’s focused on offensive cyberoperations,” said Williams, who is now the deputy director of the strategic technologies program at the Washington, D.C.-based Center for Strategic and International Studies.
Israel, one of the world’s most sophisticated cyber-military operators, has also been heavily involved in the current conflict. The Financial Times reported that Israeli hacks of Tehran’s traffic cameras and mobile towers played a key role in the killing of Iranian Supreme Leader Ayatollah Ali Khamenei. Israel reportedly also hacked BadeSaba Calendar—a popular Iranian prayer app with more than 5 million downloads—to display messages such as “It’s time for reckoning” and “help has arrived” on the first day of U.S.-Israeli strikes. (The Israeli government has not publicly taken responsibility for the hack.)
Iranian state media also reported that several Iranian news sites were compromised to display messages against Khamenei’s regime that day, though those have also not been claimed by either the U.S. or Israeli governments.
But the Israel Defense Forces did claim credit for a strike that it said hit Iran’s “Cyber Warfare headquarters,” though the level of damage to the facility and the strike’s impact on Iran’s cyber-capabilities remain unclear.
Iran has long been classified as one of the United States’ and its allies’ biggest cyber-adversaries, with Iranian hackers successfully targeting everything from Las Vegas casinos to U.S. rural water systems to Trump’s 2024 election campaign.
“Iran is formidable when it comes to cybersecurity,” said Scott White, director of the cybersecurity program at George Washington University and a former Canadian military and intelligence officer. “We place Iran in the category of China, Russia, North Korea as the big four government-backed advanced persistent threats.”
Since the Iran war began on Feb. 28, there have been some signs of Iran-affiliated groups targeting Israeli systems, with the Israel National Cyber Directorate warning about “dozens” of Iranian breaches of Israeli security cameras and attempts to infiltrate and delete data from Israeli systems. So-called hacktivist groups linked to Iran such as Handala and Cyber Islamic Resistance have also targeted U.S., Israeli, and other regional infrastructure in the past week, according to cybersecurity firms Flashpoint and Halcyon, but many of those groups’ claims about the impact of their attacks remain unverified.
On the whole, the expected large-scale cyber-retaliation from Iranian state entities has been “more muted,” particularly against U.S. critical infrastructure, according to Alexander Leslie, a senior advisor at the cybersecurity and intelligence firm Recorded Future. “There’s a lot of claim-heavy activity and low-intensity disruption, with comparatively less confirmed, sophisticated Iranian state cyber at scale,” he said in an email. “We continue to see signs that groups associated with the IRGC [Islamic Revolutionary Guard Corps] and the Ministry of Intelligence have been quieter and more defensive than many expected, while hacktivist noise is easier to generate and easier to amplify.”
While that could be because of disruptions from the war, limited internet connectivity within Iran, and the killing of senior leadership figures who would normally direct cyberoperations, it’s also plausible that Iran is simply biding its time.
“While this [Trump] administration may live in the moment, the Iranians will live in the year,” White said. “We may have a response to this particular conflict a year from now—anytime you’re dealing in asymmetric warfare, it’s going to be on their time.”
Wednesday served up a relatively small taste of what that could look like, when Michigan-based medical device company Stryker—which has more than 56,000 employees worldwide—said it had been compromised by a cyberattack. Handala, the Iran-linked hacking group, reportedly claimed responsibility for the attack, though Stryker has not yet attributed the attack to any specific group or actor.
Obliterating Iran’s cyber-capabilities is arguably harder than destroying its bombs and missiles, and Williams said that the more Iran’s conventional military capabilities are degraded, the likelier it is to escalate in cyberspace. Cyber’s ability to be deployed from anywhere means it “is an accessible tool even to less well-resourced state actors, so I would be concerned over time about Iran leveraging more cyberattacks as a tool in the conflict as its kinetic capabilities are destroyed,” she added.
But the growing U.S. use of cyberattacks alongside kinetic ones has further blurred the line between the two and continues to shift the paradigm of what modern warfare looks like. “This war reinforces the idea that cyber is embedded in modern conflict rather than adjacent to it,” Leslie said.
