Do Ceasefires Slow Cyberattacks? History Suggests Not
2026-04-09 · via darkreading

A trinket of the US and Iran flags.

Source: Karen Hovsepyan via Alamy Stock Photo

With the US and Iran having reached a fragile ceasefire this week, security researchers and executives are left wondering whether there will be a commensurate pause in the cyberwarfare that has ramped up around the war.

The day after the temporary truce was announced, Iran's most high-profile false-flag hacktivist operation, Handala, offered that it would participate in a temporary pause in hostilities. But even if one takes that group at its word, history suggests that ceasefires rarely stop or slow cyberactivity surrounding kinetic wars. In fact, in the absence of more effective ways of fighting, cyberattacks tend to flare significantly.

"Historical data and recent intelligence analysis indicate that a military ceasefire rarely equates to a 'digital stand-down,'" warns Austin Warnick, director of Flashpoint’s National Security Intelligence Team. Instead, he tells Dark Reading, "Cyber operations often remain steady or even flare up as an asymmetric pressure valve while kinetic hostilities are paused."

Iran's Handala Cyberactivity Ceasefire

On April 8, Handala posted a typically flowery, but in some ways candid, notice to its Telegram channel. It conceded that "according to the orders from the highest leadership" in Iran, it has postponed its cyber activity against the United States. 

Handala's ceasefire announcement

Source: Check Point Research

This is significant, as Handala has unquestionably been the most widely publicized threat actor in the war. It claimed responsibility both for the ransomware-ish attack against Stryker — the biggest cyber fish of the war so far, for Iran — and the compromise of FBI director Kash Patel's personal email account, which is the most symbolically significant incident so far.

Handala did qualify its cyber ceasefire, though, by noting that "The cyber war did not begin with the military conflict, and it will not end with any military ceasefire." Eventually the attacks will resume, and in the meantime, the group will still be directing all of its cannons at Israel.

For Sergey Shykevich, threat intelligence group manager at Israel-based Check Point Research, it's too early to tell whether Handala — or Iranian advanced persistent threats (APTs) more generally — will stop or slow down any attacks. Promises aside, he says, "I would not be surprised if, at some point over the next two weeks, they resume cyberattacks as another means of applying pressure against the US."

How Cyber Threat Actors Respond to Geopolitics

Real and fake hacktivist operations, and similarly loud threat actors, might gain something by glomming onto ceasefire deals. They might hope to earn some legitimacy and status by pulling up a chair at the big boy table, and participating in a major geopolitical event. Whether their promises actually mean anything, though, varies from conflict to conflict.

Following the Oct. 7 massacres in Israel, and Israel's invasion of Gaza thereafter, the two sides reached a temporary ceasefire in late November 2023. At that time, one of Handala's closest equivalents, Cyber Toufan — also a false-flag hacktivist operation, and also part of Iran's "Resistance Axis" — indicated that it was pausing operations until the war resumed. It's unclear whether Cyber Toufan slowed its activity at all, because between November and December 2023 it had claimed more than 100 Israeli victims on its leak site.

Toufan's 2023 ceasefire announcement

Source: Telegram, via the Reichman University's International Institute for Counter-Terrorism (ICT)

More often than not, ceasefires stoke cyberattacks, as warring sides take to this alternative method of hurting their enemy and gaining leverage for future negotiations. One Hamas-aligned threat actor used a 2021 ceasefire with Israel as its excuse to rev up a fresh phishing campaign across the Middle East, for example. And when Ukraine and Russia agreed to a Black Sea ceasefire last year, both sides simply used the downtime to carry out major cyberattacks, including some against the very same kinds of energy infrastructure that the ceasefire was meant to protect.

Going even further back, Markus Mueller, field chief information security officer (CISO) for Nozomi Networks, explains, "The major cyberattacks in Ukraine took place during a time when, at least on the Russian side, the war wasn't active. It was right after Russia annexed Crimea. They hadn't really done the big push — what some folks call the second Ukraine war. That in-between period is when we saw a lot of the larger attacks."

Do Ceasefires Pause Cyberwars, or Inflame Them?

In general, Flashpoint's Warnick says, "Threat actors treat diplomatic pauses as technicalities, using the time to pivot toward secondary targets or allies to maintain pressure without technically violating military agreements. Current evidence further supports this, as low-level and nuisance-level cyber activity from [Iran-aligned] groups like the 313 Team and Conquerors Electronic Army has continued without pause."

On April 8, 313 Team claimed responsibility for an attack on an Australian government authentication portal, and Conquerors Electronic Army claimed distributed denial-of-service (DDoS) attacks against Israeli targets, plus the US-based freelancer website Upwork.

Mueller agrees with Warnick's assessment, as it pertains to the current situation in Iran. "I think there will be a change in cyber activity both in scope and scale," he says. "The majority of activity we've seen around this conflict so far is regionalized. We foresee — based on what we've seen with other conflicts both within the region, but also with Ukraine — that it's going to grow a little more broad, and we're going to have more activity in North America, more activity in Europe, or any country that was seen as supporting the conflict."

Though most ceasefires don't cease cyberattacks, there is one ironic example to the contrary — a temporary peace deal which caused a substantial slowdown in malicious online activity. In the leadup to negotiations for the 2015 Iran nuclear deal, analysts observed the Islamic Republic probing US critical infrastructure for vulnerabilities that might facilitate serious attacks. But during the negotiating period, malicious cyberactivity went from high-volume to zero. According to The New York Times at the time, security researchers found not one single instance of a malicious phishing email, or critical infrastructure probe, aimed by Iran at the US during that period. Malicious activity resumed a couple of weeks after the negotiations ended, but at a slower rate, and didn't reach pre-negotiation levels until Donald Trump tore up the deal.

About the Author

Nate Nelson

Contributing Writer

Nate Nelson is a journalist and scriptwriter. He writes for "Darknet Diaries" — the most popular podcast in cybersecurity — and co-created the former Top 20 tech podcast "Malicious Life." Before joining Dark Reading, he was a reporter at Threatpost.