Risky Bulletin — "Between Two Nerds: Unleashing Iran's hackers"
Date: March 16, 2026
Hosts: Tom Uren and The Grugq
Podcast: Risky Bulletin (Risky Business Media)
Episode Overview
This episode explores the current and future state of Iranian cyber activity in the context of recent physical attacks on Iranian cyber infrastructure and escalating regional conflict. Tom Uren and The Grugq discuss the impact of war on Iran's state-backed hacking capabilities, the strategic value (or lack thereof) of cyber operations during wartime, and how such attacks affect adversaries' societies. The episode also takes a comparative look at how different countries structure their cyber operations, Iran’s resiliency, and the motivations behind these campaigns.
Key Discussion Points & Insights
1. The Stryker Ransomware Incident and Initial Impressions
- Kim Zetter's report details a ransomware attack against Stryker, a major medical device manufacturer, by the Iranian hacktivist group Handala.
- Tom describes it as “serious” with “lots of people not working.” [00:39]
- Grugq jokes about the impact: "That's awful. I would hate to be struck with not working." [01:00]
2. The Immediate Effects of War on Iranian Cyber Operations
- Recent bombings reportedly targeted the Iranian Revolutionary Guard Corps’ cyber headquarters and individual hackers (including a most-wanted hacker).
- Tom: “It seems like Iranian state hackers were in the country, their facilities or at least to some degree, being targeted.” [02:22]
- The duo agree Iranian state hackers have more immediate concerns like survival (food, water, electricity) amid bombings.
- Grugq: “They’re probably more worried about... staying alive in the middle of a bombing campaign as opposed to what the return to office policy is at that particular moment.” [03:13]
3. The Point of Cyber Operations During Full-Scale War
Espionage, Effects, and Military Value
- Grugq: Espionage offers little value when a side lacks military means to exploit intelligence.
- “If you are Iran versus the U.S. I think even having like complete access to every message that the US military is sending itself would not help you in any way militarily.” [04:13]
- Effects (“cyber effects for effect’s sake”) make more sense when conventional capability is gone:
- “If you have no military to speak of... you could just do effects for effect’s sake, just for the hell of it, really.” [04:56]
- These might target civilian morale rather than military function.
4. The Limitations and Potential (Non-)Impact of Cyber Campaigns on Society
- Tom questions whether civilian-targeted cyber attacks cause meaningful political change or just inconvenience.
- “The US is a massive country... I don’t think it will move the needle.” [06:41]
- Grugq points out minor disruptions likely don’t change public sentiment, referencing the limited impact compared to something like Jaguar Land Rover’s massive production halt:
- “Things are annoying and delayed and I don’t know if annoyance and like frustration works in quite the same way as like, having your neighbors killed.” [07:55]
- Both agree that, for a country as large as the US, such campaigns “won’t be noticed” at scale.
- Grugq: “You can jab them with a needle as many times as you like. There’s still an elephant.” [08:50]
5. Historical Analogy: Ineffective Campaigns
- Grugq recounts the early WWII British bombing campaign and the Butt Report, drawing parallels with the possible disconnect between Iranian perceptions and US reality:
- “You could see the Iranians responding, we’ve wiped out over 20% of their small to medium business capacity for selling shoes or delivering pizza. We’ve got them on the ropes and the US is just completely unaware.” [10:41]
6. Why Launch Futile Campaigns? Motivation & Internal Value
- Even unsuccessful attacks may be valuable for morale, giving participants something to celebrate.
- Grugq: “Morale was actually internal as opposed to [the enemy].” [12:19]
- Destructive attacks carry little risk of escalation once open conflict has begun:
- “You can’t escalate from where they are right now. Right. Like, it’s. They’ve already realized the worst outcome.” [12:56]
7. Long-Term Outlook: Will Iranian Cyber Operations Be "Unleashed"?
Surviving and Adapting
- As bombing subsides and political will for further strikes wanes, Iranian hacking efforts may become less constrained.
- Tom: “…they've got in effect, nothing to lose. It probably won't achieve much from balance of power in a strategic sense, but it could well appeal to like just national pride, I suppose, or an internal organization morale.” [22:18]
- Iran’s distributed, contractor model makes its cyber operations resilient—unlike more hierarchical approaches (e.g., Cybercom in the US):
- Grugq: “Any individual one that you take out is not going to impact any of the other ones. Like, it’s almost a terrorist cell network in a way.” [16:12]
- Lower operational sophistication, reliance on commodity malware, and lack of need for stealth in destructive attacks further boost resilience.
Comparative Note: North Korea and the Cyber Investment Trajectory
- Grugq sees a comparison to North Korea—once faced with few options, cyber becomes the affordable, resilient way to respond and project strength:
- “If you look at for example, the trajectory of North Korea... they have good people doing amazing operations these days. There’s no reason that Iran can’t do the same thing over the next few years.” [25:09]
- This might serve as an "accelerant" to Iran developing stronger cyber teams even faster.
- Tom: “Perhaps this will actually be an accelerant and it’ll encourage them because they’ve got no alternatives in the short term…” [25:34]
8. Strategic & Practical Implications for the West
- Given Iran's limited risk and the ease of rebuilding cyber teams, this could mean a steady rise in nuisance, propaganda, and destructive cyber activity.
- Grugq: “There’s potential upside and basically no downside. So why not?” [22:33]
- Tom notes, however, that a cyber nuisance is preferable to the threat of nuclear escalation:
- “Let me swap the possibility of nuclear war with Iran for worse hack. Right. That is actually like a good trade.” [22:49]
Notable Quotes & Memorable Moments
- “If you are Iran versus the U.S. I think even having like complete access to every message that the US military is sending itself would not help you.” —Grugq [04:13]
- “You can jab them with a needle as many times as you like. There’s still an elephant.” —Grugq [08:50]
- “It gives you something to celebrate and I don’t see that it costs them anything because during peacetime if you do a destructive attack, there’s the fear of escalation... But you can’t escalate from where they are right now.” —Grugq [12:24, 12:56]
- “Morale was actually internal as opposed to [the enemy].” [on psyops leaflets] —Grugq [12:19]
- “Any individual [company] that you take out is not going to impact any of the other ones. Like it’s almost a terrorist cell network in a way.” —Grugq [16:12]
- “If you look at... North Korea. They went from being... very low skilled, low level capabilities... now like an absolutely world class team... there’s no reason that Iran can’t do the same thing.” —Grugq [25:09]
- “Let me swap the possibility of nuclear war with Iran for worse hack. Right. That is actually like a good trade.” —Tom Uren [22:49]
Timestamps for Important Segments
- 00:39 — Stryker ransomware incident details
- 02:22 — Reported bombings of Iranian cyber facilities and individual hackers
- 04:08–04:56 — Value of espionage vs. "cyber effects" during war
- 06:41–08:50 — Debate on whether cyber attacks can change civilian sentiment
- 10:18–10:50 — The Butt Report analogy and strategic bombing mistakes
- 12:19–13:10 — Morale and motivation for seemingly pointless campaigns
- 16:12–16:55 — Iranian cyber operations’ structure and resilience
- 22:18–22:49 — Future prospects: “unleashing” Iran’s hackers and relative risk to the West
- 25:09–27:15 — North Korea/Iran comparison on cyber investment and capability
Summary
This episode examines the “unleashing” of Iranian hackers in the wake of military and infrastructure attacks, suggesting that while cyber campaigns by Iran may achieve little in shifting the balance of power, they are both low-cost and low-risk means of maintaining morale and asserting national resilience. The discussion, punctuated by historical analogies and dry humor, exposes the limits of cyber effects against large, resilient societies but warns of an era of increasingly capable, nuisance-driven Iranian operations—potentially following the North Korean path. For the West, this presents a persistent problem, but one less catastrophic than the alternatives.
