IRGC Designates US Tech Companies as Legitimate Military Targets
TL;DR
Iran's Islamic Revolutionary Guard Corps has published a detailed list designating roughly 30 offices and facilities belonging to seven major U.S. tech companies — including Google, Amazon, Microsoft, Nvidia, IBM, Oracle, and Palantir — as "legitimate military targets" across the Middle East and Israel. This unprecedented move follows the IRGC's drone strikes on three AWS data centers in the UAE and Bahrain and a devastating Iran-linked cyberattack on medical technology firm Stryker, marking a new era in which civilian digital infrastructure has become a frontline in armed conflict.
On March 11, 2026, Iran's Islamic Revolutionary Guard Corps did something no state actor had ever done before: it published a detailed, facility-by-facility targeting list of American technology companies operating in the Middle East, designating roughly 30 offices, R&D centers, and data centers belonging to Google, Amazon, Microsoft, Nvidia, IBM, Oracle, and Palantir as "legitimate military targets". The declaration, disseminated through the IRGC-affiliated Tasnim News Agency, marked the formal expansion of the two-week-old US-Iran conflict from conventional military strikes into what Tehran is calling an "infrastructure war" — a conflict in which the servers, cables, and campuses that underpin the global digital economy are treated as fair game.
The announcement was not an empty threat. Iran had already demonstrated its willingness to strike tech infrastructure: on March 1, Iranian drones hit three Amazon Web Services data centers in the United Arab Emirates and Bahrain, knocking out banking, payments, and enterprise services across the Gulf region. Days later, an Iran-linked hacker group claimed to have wiped 200,000 devices at American medical technology firm Stryker across 79 countries. Together, these kinetic and cyber attacks represent an unprecedented escalation — one that has forced governments, corporations, and legal scholars to confront a question that was, until two weeks ago, largely theoretical: In modern warfare, is the cloud a civilian sanctuary or a legitimate battlefield?
The Target List
The Tasnim publication was granular in its specificity. It identified individual facilities by company, function, and city — a level of detail that cybersecurity analysts say was designed to maximize psychological impact as much as operational utility.
The named targets include:
- Nvidia's "main and largest R&D center" in Haifa, Israel
- Google's regional advertising and search hub in Dubai and its cloud support services office in Qatar
- IBM's AI research and cyber threat response center in Be'er Sheva, Israel
- Palantir's strategic collaboration center in Abu Dhabi and its regional office in Tel Aviv
- Oracle's regional cloud service office in Jerusalem and its main office in Abu Dhabi
- Amazon offices in Tel Aviv and Haifa, plus additional AWS data centers beyond those already struck
- Microsoft facilities across Israel and the Gulf
In total, the list encompassed five Amazon facilities, five Microsoft locations, six IBM sites, three Palantir offices, four Google locations, three Nvidia facilities, and three Oracle offices. The IRGC's justification was blunt: these companies' technologies "have been used for military purposes," and their regional infrastructure constitutes "enemy technology infrastructure".
The Precedent: Drone Strikes on Data Centers
The targeting declaration did not emerge in a vacuum. It followed what analysts are calling the first known military strikes on a commercial hyperscale cloud provider.
On March 1 — just one day after the US-Israel joint offensive dubbed Operation Epic Fury began with nearly 900 airstrikes against Iran in the first 12 hours — Iranian drones hit two AWS facilities in the UAE and one in Bahrain. The IRGC explicitly claimed responsibility, citing Amazon's hosting of US military workloads as justification.
The physical damage was substantial. The strikes caused structural damage, disrupted power delivery, and in some cases triggered fire suppression systems that resulted in additional water damage to servers and networking equipment. But the cascading digital impact extended far beyond the physical blast radius. Abu Dhabi Commercial Bank, Emirates NBD, First Abu Dhabi Bank, payments platforms Hubpay and Alaan, data cloud company Snowflake, and ride-hailing giant Careem all reported service outages. Millions of consumers and businesses across the Gulf found themselves cut off from banking, payments, and logistics infrastructure.
"These strikes — the first known military strikes at an American hyperscaler's infrastructure — damaged two AWS sites in the United Arab Emirates and one in Bahrain, disrupting services across the region and underscoring how critical data infrastructure is emerging as a potential target in modern warfare," Fortune reported.
The Cyber Front: Stryker and Beyond
If the AWS strikes represented the kinetic dimension of infrastructure warfare, the cyberattack on Stryker Corporation represented the digital one.
On March 11, the same day the IRGC published its target list, employees at Stryker — a $20 billion medical technology company — suddenly lost access to corporate networks, internal software, and communications systems across multiple regions. An Iran-linked hacking group called Handala Hack, which Palo Alto Networks' Unit 42 has linked to Iran's Ministry of Intelligence and Security (MOIS), claimed responsibility on Telegram.
The group's claims were staggering in scope: it said it had erased data from more than 200,000 Stryker systems, servers, and mobile devices across 79 countries, and stolen 50 terabytes of data that it planned to publicly release. Stryker's largest hub outside the United States, in Ireland, sent home more than 5,000 workers. The company acknowledged "a global network disruption to our Microsoft environment as a result of a cyberattack" but said it found "no indication of ransomware or malware" — suggesting a destructive wiper attack rather than a financially motivated intrusion.
The Stryker attack was not an isolated incident. In the first 72 hours following the February 28 strikes, cybersecurity firms tracked over 150 hacktivist incidents claimed in open channels, dominated by distributed denial-of-service (DDoS) attacks, website defacement, and claimed data-breach operations against government, financial, aviation, telecom, and critical infrastructure targets. Iran's cyber ecosystem — including APT33, APT35, OilRig, MuddyWater, and a constellation of IRGC-aligned hacktivist groups — had been activated across the board.
The US intelligence community responded by issuing private warnings to American companies and government agencies, urging immediate vigilance against retaliatory cyber operations.
The Legal Gray Zone
The designation of tech infrastructure as military targets has thrust a long-simmering legal debate into urgent relevance. Under international humanitarian law (IHL), civilian objects are protected from direct attack — unless they make an "effective contribution" to military action and their destruction offers a "definite military advantage".
The problem, as multiple legal scholars have noted, is that the Geneva Conventions were drafted in 1949 and their Additional Protocols in 1977. Nobody writing those documents was contemplating cloud computing, dual-use data centers, or AI research labs.
"Data centers have zero explicit protection under international humanitarian law," Euronews reported, citing legal experts. The dual-use nature of cloud infrastructure — which simultaneously serves military clients, government agencies, hospitals, banks, and consumer apps — creates profound proportionality challenges. When an AWS data center hosts both US Central Command workloads and the payment systems used by millions of Gulf consumers, is striking it a legitimate military act or an indiscriminate attack on civilian infrastructure?
A legal analysis published by Just Security examined historical precedent and pointed to the 1923 Cuba Submarine Telegraph Company arbitration, which arose from the 1898 Spanish-American War. In that case, US naval forces severed British-owned telegraph cables to disrupt Spanish military communications. The tribunal ruled in favor of the United States, establishing the principle that "during armed conflicts, actions taken by a state as legitimate acts of war override private property rights without an obligation to compensate affected entities".
That century-old ruling now carries uncomfortable new weight. If data centers hosting military workloads are indeed targetable military objectives, then the very architecture of the global cloud — concentrated in relatively few physical locations, operated by a handful of companies, and serving both military and civilian clients simultaneously — represents a structural vulnerability of extraordinary proportions.
The Economic Fallout
The IRGC's infrastructure warfare campaign has rippled through global financial markets. Crude oil prices, already climbing since the February 28 strikes, have surged 41% from roughly $67 per barrel to over $94 per barrel as of March 9, driven by disruptions to Strait of Hormuz shipping and broader market fear.
Tech stocks have been hit particularly hard. The Nasdaq Composite slid 1.78% on March 12 alone, with analysts warning of a rotation away from higher-risk technology stocks toward safer assets. Microsoft, which has reportedly planned a $15 billion investment in UAE infrastructure, now faces uncertainty over the viability of its Middle Eastern expansion. The broader question of whether tech companies can safely operate physical infrastructure in conflict-adjacent regions has sent shockwaves through corporate boardrooms.
For Gulf nations that have spent the last decade positioning themselves as global technology hubs — with the UAE alone attracting billions in data center investment — the strikes on AWS facilities represent a direct threat to their economic diversification strategies.
The Broader Strategic Picture
Iran's pivot to infrastructure warfare must be understood in the context of the massive asymmetry it faces. Operation Epic Fury — which killed Supreme Leader Ali Khamenei and multiple senior IRGC and intelligence officials in its opening hours — dealt Iran a devastating conventional military blow. With its air defenses degraded and its leadership decapitated, Iran has limited options for symmetric military retaliation.
Targeting tech infrastructure offers Iran several asymmetric advantages. It imposes economic costs on the United States and its allies disproportionate to the resources required to execute the attacks. It creates diplomatic friction between the US and Gulf states whose civilian infrastructure is being damaged as a consequence of their hosting American tech companies. And it leverages Iran's relatively sophisticated cyber capabilities — which US intelligence agencies have long regarded as a tier-one threat — in a domain where the United States has its own vulnerabilities.
The succession of Mojtaba Khamenei as Supreme Leader has not moderated this approach. If anything, the new leadership appears to have doubled down on infrastructure warfare as a core element of Iran's retaliatory strategy, with the Tasnim target list representing a deliberate escalation.
What Comes Next
The IRGC's declaration has forced an uncomfortable reckoning for the technology industry, the US government, and the international legal community.
For tech companies, the immediate question is operational: whether to evacuate staff, harden facilities, or withdraw from the region entirely. Several companies have reportedly begun relocating non-essential personnel from Gulf offices, though none have publicly confirmed plans to shutter facilities.
For the US government, the challenge is strategic. The Pentagon's increasing reliance on commercial cloud infrastructure — formalized through contracts like the Joint Enterprise Defense Infrastructure (JEDI) and its successor — means that attacks on AWS, Microsoft Azure, or Google Cloud infrastructure directly threaten military capability. The dual-use nature of these facilities simultaneously makes them more targetable under IHL and more consequential when hit.
For international legal institutions, the AWS strikes and the Stryker cyberattack have created an urgent need for updated frameworks. The International Committee of the Red Cross and other bodies have studied cyber operations in armed conflict, but the physical targeting of commercial data centers by a state actor in open warfare has no direct precedent.
What is clear is that a line has been crossed. The cloud — the invisible infrastructure underlying everything from banking to AI to national defense — has been revealed as both strategically vital and physically vulnerable. The consequences of that revelation will reshape technology strategy, military doctrine, and international law for decades to come.
Sources (14)
- [1] Iran declares US-Israeli economic, banking interests in region are targets (aljazeera.com)
Iran's IRGC threatens to attack economic centres and banks related to US and Israeli entities in the region, expanding its list of legitimate targets.
- [2] Iran plots 'infrastructure warfare' against US tech giants (theregister.com)
IRGC-affiliated Tasnim news agency released a detailed list of offices and infrastructure belonging to Google, Amazon, Microsoft, Nvidia, IBM, Oracle, and Palantir.
- [3] Iran's attacks on Amazon data centers in UAE, Bahrain signal a new kind of war (fortune.com)
Iran's drone attacks on three AWS data centers are the first known military strikes at an American hyperscaler's infrastructure, disrupting services across the Middle East.
- [4] Amazon says drones hit 3 of its Middle East data centers amid Iran conflict (cbsnews.com)
Three AWS data centers in the UAE and Bahrain were struck by Iranian drones on March 1, causing structural damage and widespread service outages.
- [5] Banking, payments services disrupted after Amazon UAE data centers hit in drone strikes (cnbc.com)
AWS facility strikes caused outages for Abu Dhabi Commercial Bank, Emirates NBD, First Abu Dhabi Bank, Hubpay, Alaan, Snowflake, and Careem.
- [6] Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker (krebsonsecurity.com)
Handala Hack, linked to Iran's MOIS, claims to have wiped data from 200,000 Stryker systems across 79 countries and stolen 50TB of data.
- [7] Iran appears to have conducted a significant cyberattack against a U.S. company, a first since the war started (nbcnews.com)
Pro-Iran hacking group Handala claims responsibility for cyberattack on Stryker, disrupting operations globally and sending home 5,000 workers in Ireland.
- [8] Iran Issues Warning to Google, Microsoft, Nvidia, and Other U.S. Firms in the Middle East (inc.com)
Iran vows to target specific R&D facilities including Nvidia's Haifa campus, Google's Dubai office, IBM's AI research center in Be'er Sheva, and Palantir's Abu Dhabi center.
- [9] Iranian Attacks on the Amazon Data Centers: A Legal Analysis (justsecurity.org)
Legal analysis of whether data centers qualify as military objectives under IHL if they support military operations, examining proportionality and precaution requirements.
- [10] Threat Brief: March 2026 Escalation of Cyber Risk Related to Iran (unit42.paloaltonetworks.com)
Palo Alto Networks profiles Iran's cyber ecosystem including APT33/35, OilRig, MuddyWater, and IRGC-aligned hacktivist groups as frontline tools in the conflict.
- [11] US intelligence community ramps up warnings of possible retaliatory attacks by Iran (cnn.com)
US intelligence has issued private warnings to American companies and government agencies urging vigilance against cyber attacks by the Iranian regime.
- [12] Data centres are the new target in modern warfare during Iran war, experts say (euronews.com)
Experts warn data centers have zero explicit protection under international humanitarian law, as Geneva Conventions predate cloud computing.
- [13] Stock Market Today, March 12: Oil Prices Surge After Iran War Fears Spark Broad Market Selloff (fool.com)
Nasdaq Composite slid 1.78% to 22,311.98 on March 12, 2026, with tech stocks bearing the brunt of the selloff as oil prices surged.
- [14] Situation Report: Middle East Escalation (February 27–1st March, 2026) (cloudsek.com)
Over 150 hacktivist incidents claimed in the first 72 hours, dominated by DDoS, website defacement, and data-breach operations against critical infrastructure targets.