Amid a protracted near-total internet blackout in Iran, an Iran-linked hacking group known as Handala Hack has reportedly been using Elon Musk’s Starlink satellite internet network to sustain cyber operations and launch attacks, according to cybersecurity observers and social-media disclosures by the group itself.
Since early January, the Iranian government has largely severed nationwide access to the global internet as part of a broader strategy to contain information flows during mass protests and escalating tensions with the United States and Israel. Independent monitoring indicates that connectivity levels have frequently fallen to near-zero across much of the country, leaving ordinary users dependent on limited domestic networks or alternative technologies like satellite links.
The Handala Hack group, which security researchers associate with pro-Iranian or regime-aligned operatives, has recently taken advantage of Starlink’s satellite broadband to maintain access to the global internet and to continue offensive operations, routing their attacks through Starlink IP address ranges when terrestrial connectivity is unavailable. This comes as Iran’s authorities have intensified efforts to disrupt satellite connectivity, including deploying GPS-jamming technology that has degraded many Starlink connections and seizing ground terminals to prevent unauthorised access.
Over the past two days, Handala has used its X (formerly Twitter) accounts to threaten cyberattacks against Western interests, framing its actions as retaliation for U.S. and allied cyber operations. These messages underscore how groups embedded in Iran’s fragmented cyber ecosystem are seizing on connectivity gaps created by the blackout to pursue broader geopolitical objectives.
The extended internet blackout has had profound domestic impacts. Iran’s National Information Network, a state-controlled intranet, remains largely disconnected from the global web, while ordinary citizens, journalists, and activists struggle to communicate internally or with the outside world. Satellite internet services like Starlink initially provided a critical circumvention route, but the government’s countermeasures—including aggressive jamming and legal bans on Starlink hardware—have severely limited their usability.
For Iranian journalists operating under these conditions, satellite internet presents both an opportunity and a risk. Some reporters have resorted to encrypted messaging and carefully managed Starlink connections to report on protests and state actions, but fear detection by security forces that treat unauthorised connectivity as espionage.
The confluence of internet suppression and cyber conflict reflects a widening digital front in the region’s broader geopolitical struggle. Iran’s use of connectivity controls as a tool of internal repression, and the subsequent adaptation of cyber actors to exploit alternative networks like Starlink, underscores how satellite internet technology has become entangled with both dissent and state power in the 21st-century information landscape.
