Cyberwarfare

US-Israel and Iran Trade Cyberattacks: Pro-West Hacks Cause Disruption as Tehran Retaliates

Both sides conduct hacking and other attacks, including the deployment of wiper malware, DDoS, and disruptions to critical infrastructure. The post US-Israel and Iran Trade Cyberattacks: Pro-West Hacks Cause Disruption as Tehran Retaliates appeared first on SecurityWeek.

The escalating conflict between the United States, Israel, and Iran has unfolded alongside extensive cyber operations, with reports of widespread internet disruptions, hacking of Iranian sites and apps, and infrastructure interference, while Western entities brace for potential Iranian cyberattacks.

The conflict erupted on February 28, when the United States and Israel initiated coordinated airstrikes across Iran, targeting military installations, missile facilities, nuclear sites, and high-level officials, resulting in the deaths of Supreme Leader Ali Khamenei and several other leaders. 

In response, Iran launched widespread missile and drone barrages against US military bases in Persian Gulf countries, as well as direct attacks on Israel, causing limited casualties and damage to both military and civilian infrastructure. 

Cyberattacks against Iran

According to Israeli and US media, cyberattacks conducted by US-Israeli forces caused widespread disruptions in Iran, including to news/propaganda websites (such as IRNA news agency), communications infrastructure used by the Islamic Revolutionary Guard Corps (IRGC), local applications, and digital government services. Attacks on IRGC command and control systems aimed to limit coordination on counterattacks.

Reports indicated that the cyberattacks against Iran included both DDoS attacks and “deep intrusions” into energy and aviation infrastructure systems in what some described as the “largest cyberattack in history”.

Pro-West hackers have also hijacked a popular prayer app, sending out push notifications informing users that “Help has arrived!”.

Internet observatory NetBlocks reported on March 2 that there has been an internet blackout in Iran for more than 48 hours, noting that lengthy blackouts are not uncommon in the country and are often triggered by the regime to hide human rights violations.

Cyberattacks from Iran

Iranian and pro-Iran threat actors have also ramped up operations since the conflict erupted. One group claimed to have targeted air defense systems belonging to an Israeli company.

Cybersecurity company Flashpoint told SecurityWeek that Iran is conducting what hackers call ‘The Great Epic’ cyber campaign.

Threat groups claim to have targeted fuel infrastructure in Jordan, and expanded operations to target industrial control systems (ICS) in Israel, claiming to have disrupted manufacturing and energy distribution systems.

Others are focusing on DDoS attacks and data-wiping operations allegedly targeting US and Israeli military logistics providers.

Adam Meyers, head of counter adversary operations at CrowdStrike, said in an emailed statement that the company “is already seeing activity consistent with Iranian-aligned threat actors and hacktivist groups conducting reconnaissance and initiating DDoS attacks.” 

“These behaviors often precede more aggressive operations. In past conflicts, Tehran’s cyber actors have aligned their activity with broader strategic objectives that increase pressure and visibility at targets, including energy, critical infrastructure, finance, telecommunications, and healthcare,” Meyers noted.

Sophos reported that “a hacktivist persona linked to Iran’s Ministry of Intelligence and Security (MOIS), claimed attacks in Jordan and threatened other countries in the region. This group routinely overstates their capability and impact of attacks however on occasion has been capable of executing data theft and wiper attacks.”

Cynthia Kaiser, former Deputy Assistant Director at the FBI Cyber Division, who now serves as SVP, Ransomware Research Center at Halcyon, said the Halcyon intelligence team is seeing increased activity in the Middle East, noting “calls to action from the DDoS botnet HydraC2, hacktivist group Handala, and ransomware group Sicarii.”

“Iran has a long track record of using cyber operations to retaliate against perceived political slights,” Kaiser wrote in a LinkedIn post. “From disabling US financial websites between 2011 and 2013, to erasing data from the Las Vegas Sands Casino in 2014, to defacing websites after the death of Iranian military commander Qasem Soleimani and issuing online death threats to US election officials in 2020 and 2021, Tehran’s cyber playbook has been aggressive and evolving.”

Kaiser said ransomware has been increasingly incorporated into Iran’s cyber activities and that destructive tools could be used against US networks in the coming weeks. “Last year, an Iranian national pleaded guilty to ransomware attacks that crippled Baltimore and other US municipalities, causing tens of millions in damages,” she noted. “Since at least 2017, Iranian operators have targeted US critical infrastructure—including a thwarted attempt on Boston Children’s Hospital—with ransomware campaigns that blur the line between criminal extortion and state-sponsored sabotage.”

Caution on cyberattack impact claims

Iranian hackers are known to target ICS and other critical infrastructure. Threat actors supporting the regime have also been observed leveraging hacking in preparation for physical strikes. However, they are also known to exaggerate the impact of their cyber operations. 

Both Israel and the United States have highly developed offensive cyber tools, but reports detailing the impact of cyberattacks in periods of escalation can be prone to exaggeration.

Although some accounts of disruption or damage could prove inflated upon closer examination, the demonstrated ability of state-linked actors to conduct sophisticated cyber intrusions in parallel with kinetic operations underscores a genuine and evolving threat that demands continued vigilance and preparedness.

The US cybersecurity firm SentinelOne reported immediately after the conflict started that it had “not attributed significant malicious cyber activity directly to these recent events.”

However, the company warned, “We assess with high confidence that organizations in Israel, the United States, and allied nations are likely to face direct or indirect targeting – particularly within government, critical infrastructure, defense, financial services, academic, and media sectors.”

The Wall Street Journal reported late on Saturday that the US conducted a major air attack against Iran with the aid of Anthropic AI, shortly after President Donald Trump said he was ordering all federal agencies to phase out the use of Anthropic technology after the company refused to allow unrestricted military use of its AI. 
