Michigan may be more than 6,000 miles away from the war in Iran, but, virtually speaking, it’s well within striking distance.
An Iran-linked group calling itself Handala claimed responsibility for a cyberattack on Portage, Michigan-based medical device maker Stryker Corp., carried out on March 11, 2026. Handala said the attack was in retaliation for events related to the conflict in Iran.
The cyberattack affected Stryker’s internal Microsoft software system, disrupting the company’s order processing, manufacturing and shipping.
As a scholar who researches cyber conflict, I’ve found that in periods of geopolitical tension such as the current U.S./Israel-Iran war, cyber operations often sit right next to missiles and airstrikes as a tool that states and state-linked groups use to inflict damage, probe weaknesses and signal resolve to their enemies.
The Stryker case is notable because it shows how quickly a regional conflict can translate into disruption for organizations far from the battlefield. It also illustrates the vulnerabilities of U.S. organizations, including those involved in critical infrastructure.
Modern critical infrastructure involves more than the obvious big targets like power plants or water utilities. It also relies on suppliers and service providers that sit one or two links upstream – such as managed information technology providers, cloud and data center operators and specialized parts suppliers – that keep everything from hospitals to transit systems running.
This is one reason U.S. officials emphasize critical infrastructure as a whole-of-society problem, not a niche government issue. The Cybersecurity and Infrastructure Security Agency’s “Shields Up” guidance is written for exactly this reality: a world where geopolitical shocks can threaten organizations that did not think they were part of the battlefield.
Cyber operations are often about options
When people imagine cyber warfare, they often picture dramatic outcomes. The lights go out. The water turns toxic. The trains stop. Those scenarios are real risks. But they are not the only objective, and often not the main one. The real strategic value is access.
Cyber access is like a set of keys. If you can get into a network quietly, stay there and learn how it works, you create options for later. You can steal information, map dependencies and position yourself to cause disruption. You can keep the option to strike in your pocket, so that in a crisis, you can cause or credibly threaten to cause harm.
That is why U.S. agencies took the China-linked Volt Typhoon group’s hacking activity so seriously. In joint advisories, U.S. officials described a campaign that compromised the information technology systems of organizations across multiple critical infrastructure sectors and used so-called living-off-the-land techniques that can blend into normal administrative activity.
This is an important point. A lot of state-linked cyber…



