On February 28, 2026, a coordinated cyber offensive by the United States and Israel, known as Operation Epic Fury and Operation Roaring Lion respectively, triggered a substantial cyber conflict impacting the Middle East and beyond. This operation marked the beginning of an intense cyber struggle involving multiple nations.
Iran’s Internet Disruption and Retaliation
Within a few hours of the initial cyber strikes, Iran responded with a multi-faceted cyber campaign that involved hacktivist groups, state-sponsored actors, and cybercriminals. This reaction resulted in a significant reduction of Iran’s internet connectivity, which dropped to between 1% and 4% by the morning of February 28. This loss of connectivity disrupted the coordination capabilities of Iran’s cyber units.
Iranian cyber cells have since adapted by operating in isolation, potentially leading to unpredictable attack patterns. Analysts from Palo Alto Networks’ Unit 42 swiftly identified a phishing campaign that exploited the conflict, distributing a fake version of Israel’s RedAlert app to install malware on users’ devices.
Hacktivist Surge and International Involvement
Despite Iran’s internal challenges, hacktivist activities surged outside its borders. By March 2, 2026, about 60 groups, including pro-Russian entities, were actively targeting Israeli and Western interests. The newly established ‘Electronic Operations Room’ has become a central hub for coordinating these efforts, with attacks ranging from DDoS to infrastructure compromises.
The cyber conflict’s scope has extended beyond Iran: cybercriminals in the UAE have launched scams that impersonate the Ministry of Interior, and the ransomware group Tarnished Scorpius has targeted an Israeli company. These developments underscore a shift from a state-centric to a multi-actor cyber warfare scenario.
Coordinated Hacktivist Efforts
The ‘Electronic Operations Room’ serves as the focal point for Iran-aligned hacktivist operations. Notable actors like Handala Hack, associated with Iran’s Ministry of Intelligence, have been active, claiming breaches against Israeli and regional targets. Their actions have escalated from digital attacks to physical threats against Iranian-American and Iranian-Canadian figures.
Other groups, such as Cyber Islamic Resistance, have claimed attacks on Israeli defense systems, while pro-Russian groups have also joined the conflict, though their claims remain unverified.
Organizations are advised to enhance cybersecurity measures, such as offline data backups, patch management, and employee training on phishing threats.
The ongoing cyber conflict highlights the importance of robust cybersecurity strategies and international cooperation to mitigate such threats. Continuous monitoring and adaptation to evolving cyber threats are essential for maintaining security in this volatile environment.
