The recent cyber conflict involving Iran has escalated following the US and Israeli military operations, known as Epic Fury, at the end of February 2026. Iranian cyber activities have markedly increased, targeting the United States, Israel, and Gulf states perceived as collaborators. These actions underline the preparedness and strategic deployment by Iranian-linked Advanced Persistent Threats (APTs).
Heightened Cyber Activity Following Strikes
In the wake of the military strikes, Iran’s Ministry of Intelligence and Security (MOIS) and the Islamic Revolutionary Guard Corps (IRGC) have been linked to a surge in cyber activity. Augur Security, an AI-driven cybersecurity firm, reports that these groups have been ramping up their infrastructure for months in anticipation of such events. This preparation highlights Iran’s proactive cyber strategies to retaliate against perceived threats.
Augur Security’s report reveals significant infrastructure development by Iranian government-associated groups. The analysis indicates a multi-layered approach designed to obscure the origins of cyber operations, starting from Iranian ISPs such as Sefroyek Pardaz Engineering. This approach involves complex networks, including international hosting services, which further complicates attribution and response efforts.
Complex Infrastructure and Global Reach
The Iranian cyber strategy involves cooperation with various international entities to strengthen its digital operations. Key players include bulletproof hosting providers in Moldova and the US, along with shell companies operating under multiple jurisdictions. This international network is critical for sustaining and hiding the origins of Iran’s cyber initiatives.
A notable example is the activity of the MuddyWater group, which saw a surge in flagged infrastructure activity in September 2025. This group, along with others, has been utilizing global resources to prepare for and execute cyber operations, demonstrating a sophisticated and coordinated approach.
Coordinated Hacktivist Expansion
Following the strikes, over 60 Iranian-linked hacktivist groups have mobilized to target critical infrastructure in the US, Israel, and Gulf states. An Electronic Operations Room was swiftly established to coordinate these efforts, mirroring past responses to conflicts, such as those involving Gaza in 2023. This centralized coordination reflects a strategic effort to optimize the impact of cyber offensives.
Groups like Cyber Fattah and the Fatimiyoun Cyber Team are part of a broader effort to disrupt and challenge perceived adversaries through cyber means. The primary focus remains on governmental and financial sectors, with a secondary emphasis on Gulf states aiding US and Israeli actions.
Despite the US and Israel’s efforts to compromise Iranian internet connectivity, the resilience of Iranian APTs underscores the challenges of mitigating cyber threats through traditional military means. The IRGC, distinct from Iran’s conventional military, continues to prioritize protecting the Islamic revolution, employing a global network to sustain its cyber capabilities.
The ongoing cyber skirmishes highlight the evolving nature of international conflicts, where digital warfare plays a crucial role. This situation underscores the importance of understanding and countering sophisticated cyber threats that transcend national borders.
