Tehran’s Handala collective employs low-yield municipal breaches to generate psychological impact and perceived reach disproportionate to actual capability. AI threatens to scale these attacks across hundreds of localities simultaneously. Federal defensive atrophy—specifically CISA workforce reductions and gutted information-sharing pipelines—renders county-level critical services uniquely exposed to state-sponsored confidence erosion campaigns.
Congress must restore funding and coordination to defend against escalating Iranian cyber threats targeting the United States.
Iran didn’t send a missile to Indiana. It sent a fax. Last week, St. Joseph County was informed by Iranian hackers that they had “completely taken control of the centralized IT infrastructure of St. Joseph County.” The hackers claimed to have seized police reports, court documents, child support payments, and doctors’ notes for thousands of Hoosiers.
In the end, it was revealed that Iran had only breached a single fax server and no files had been deleted. Still, Iran had already succeeded in its mission. The single breach was enough to generate headlines, create panic, and leave residents uncertain of whether their local institutions could protect their most sensitive information.
The goal wasn’t to destroy St. Joseph County—it was to make every county in America wonder if they’re next. Tehran took a minor intrusion and spun it into a narrative of omnipresence—that Iranian hackers can reach anyone, anywhere, at any time. By attacking a northern Indiana county, Iran is not showing precision; it is showing reach, scale, and psychological impact.
The Handala Hack Shows How Iran’s Cyber Campaign Reaches US Critical Services
Iran’s cyber capabilities don’t match the reputation they’ve carefully cultivated, but artificial intelligence (AI) is closing the gap between reputation and reality. Iranian cyber-attacks such as this are the future of warfare, and small-town America isn’t ready for it.
The perpetrators behind the hack on St. Joseph County, Handala Hack, are a pro-Palestinian, pro-Iranian regime hacker collective adopted by Iran’s Ministry of Intelligence and Security. Earlier this month, Handala claimed responsibility for attacking American medical device maker Stryker, wiping cell phones, laptops, and other devices connected to its technology systems. While the company recovered its systems, hospitals in Maryland had to postpone surgeries since Stryker implants were unavailable. The attack on the Michigan-based medical company showed how quickly a conflict on the other side of the globe could impact Americans’ well-being at home.
Iranian Hackers Are Targeting US Officials to Erode Public Confidence
The Federal Bureau of Investigation (FBI) then seized multiple website domains used by Handala to publish stolen data, claim credit for attacks, and distribute threatening content. Handala responded by explicitly blaming FBI Director Kash Patel and published more than 300 of his personal emails and photos.
This isn’t the first time that Patel has been targeted by Iranian hackers. In 2024, they breached accounts of incoming Trump administration personnel, including Patel. While the FBI said that no state secrets were leaked as part of the attacks, Handala managed to accomplish at least some of its likely goals: embarrassing the federal government and undermining public confidence in its ability to protect senior leaders.
AI-Enabled Iranian Cyberattacks Could Overwhelm Local Governments
Things are about to get worse, too. AI will define the next phase of Iranian cyberattacks—making them faster, cheaper, and harder to attribute. A 2025 investigation from Anthropic shows that authoritarian powers, such as China, have already leveraged AI to supercharge their cyber-attacks, and experts see Iran as likely to do the same.
The regime already makes prolific use of AI for propaganda, both to boost morale among the Iranian public and to create confusion and uncertainty among Israelis through wartime disinformation.
The same kind of attack that hit a single Indiana county could, in an AI-enabled environment, be replicated across hundreds of municipalities simultaneously. The problem is not just that these capabilities exist—it’s that in this moment, the United States is uniquely unprepared to defend against them.
Congress Must Treat Cybersecurity as a Wartime Priority Before the Next Attack Hits
Congress needs to treat cybersecurity funding as a wartime emergency, not a budget line. The agency responsible for defending against Iranian cyber-attacks, the Cybersecurity and Infrastructure Security Agency (CISA), is currently running at less than half strength, with roughly 60 percent of its workforce furloughed. The administration’s current plan calls for further cuts.
Congress must restore CISA to full strength and make it stick. That also means permanently reauthorizing the State and Local Cybersecurity Grant Program, which is limping along on a temporary extension through September with no new money. And it means reversing CISA’s cuts to the Multi-State Information Sharing & Analysis Center, the primary vehicle through which state and local governments receive cyber-threat intelligence and reduced-cost services. Gutting the information-sharing pipeline between the federal government and local officials is exactly the wrong move when Iranian hackers are already inside county IT systems.
The buzzing of the fax machines of St. Joseph County should sound a warning for the whole country. County governments, hospitals, and water authorities are priority targets for Tehran because they hold sensitive data and provide services that Americans depend on daily. And almost none of them are equipped to defend against a nation-state. The next attack won’t announce itself with a fax. It will hit multiple municipalities at the same time, faster than local officials can respond. The question is whether the federal government will act in time.

