Although the U.S. and Israel have ceased airstrikes on Iran for more than a week, Iranian hackers haven't logged off the digital battlefield.

Tehran's cyber operations have continued since the ceasefire with the U.S. began April 8, The New York Times reported Thursday, citing Western cybersecurity experts and former U.S. intelligence officials. Iran not only is seeking to keep up pressure on the U.S. and Israel but also is positioning itself to mount a larger retaliation if peace talks do not resume.

A U.S. delegation led by Vice President JD Vance held direct talks with Iran on April 11 in Islamabad, just days after the two-week ceasefire took effect. Hostilities began Feb. 28 with U.S. and Israeli airstrikes targeting Iran's political leadership and military infrastructure.

The talks broke down, with Vance saying the U.S. did not see "an affirmative commitment" from Iran "that they will not seek a nuclear weapon."

President Donald Trump then imposed a blockade on ships entering or leaving Iranian ports in the Strait of Hormuz, a narrow waterway between Iran and Oman that is one of the world's most vital oil transit chokepoints.

Since the conflict began, Iran has combined real-world attacks, disinformation and a mix of low-level and more advanced cyberattacks. The goal has been to create confusion in Israel, the Times reported.

In the U.S., it temporarily caused a global shutdown at medical equipment supplier Stryker. Also, a group affiliated with Iranian intelligence took responsibility for the release of emails and photographs stolen from a personal account of FBI Director Kash Patel.

Iran is now tactically shifting from overt demonstrations meant to undermine support for the U.S.-Israel military campaign toward quieter efforts to prepare for what might come next, the Times reported. This new phase of cyber operations includes a greater focus on espionage.

Iran has continued to target individuals in the U.S. and Israel who are either government officials or linked to the government. Its hackers have also stepped up efforts to penetrate critical infrastructure, attempting to access water and power systems in the Middle East and the U.S. as part of an effort to prepare for future operations that would cause societal pain, experts told the Times.

Iran's cyber operations have generally been less effective or sophisticated than those from China or Russia, which have for years launched large-scale espionage campaigns against the U.S. and penetrated some of its most sensitive infrastructure.

But Iran's dispersed network of hackers has long used cyberattacks to project power across the Middle East and to challenge the United States. And Iran's hackers are considered less predictable than their Chinese and Russian counterparts, especially when their government feels threatened.

"This is a time, more than ever, we should worry about Iran," Evan Pena, a co-founder of the cybersecurity firm Armadin, told the Times. "In cyberwarfare, there isn't really a ceasefire."

Pena said that if the ceasefire or negotiations collapse, Iran wants to be in a strong position to retaliate, potentially by attacking critical infrastructure in the U.S.

Tehran has a history of doing so, though generally with limited impact. More than a decade ago, Iranian hackers targeted a small dam in upstate New York, but the dam's sluicegate controls had been taken offline for maintenance.

Iran, Pena said, will be more aggressive and devote more resources to accessing American companies.

"I am not saying they have gotten in, but I do believe they are trying to get in," he said.

"The motive is, hold your position in the network. Should you find a way in, if something doesn't go the way Iran wants it to go, then they are going to make a disruption."

Josh Zweig, the chief executive of Zip Security, which secures small and midsize businesses, told the Times that Iran was specifically looking for less well-defended targets, such as municipal-run water and energy facilities.

He also said small firms that make investment decisions for wealthy individuals and families have been targeted. The goal, he said, is to gain leverage.

"They're going after individuals in and around the government — not through official channels but through their personal networks: service providers, contractors, the kinds of organizations that handle sensitive day-to-day information," Zweig said.

• Iranian-Linked Hackers Target US Water, Energy
• Feds Target Iran-Linked Hacking Domains