Historical analysis and expert commentary suggest that military ceasefires rarely translate into pauses in cyberattacks. Following a US-Iran ceasefire, Iran-linked hacktivist group Handala announced a temporary pause in cyber operations against the US, but security researchers are skeptical. Historical precedents — including the 2023 Gaza ceasefire, the 2021 Israel-Hamas ceasefire, and the Russia-Ukraine Black Sea ceasefire — show that cyber activity typically continues or even intensifies during kinetic pauses, as threat actors use the downtime to pivot to alternative targets or ramp up asymmetric pressure. The one notable exception was the 2015 Iran nuclear deal negotiations, during which Iranian cyber activity dropped to near zero. Experts warn that current Iran-aligned groups like the 313 Team and Conquerors Electronic Army are already continuing attacks, and that activity may broaden geographically to North America and Europe.
Table of contents
Iran's Handala Cyberactivity CeasefireHow Cyber Threat Actors Respond to GeopoliticsDo Ceasefires Pause Cyberwars, or Inflame Them?Sort: