Security researchers and allied cyber authorities are warning of a heightened threat environment after the U.S. and Israel launched a wide-ranging air and sea campaign targeting Iranian military and government assets.
State-linked threat groups and hacktivists have accelerated reconnaissance and espionage activity in response to the bombing campaign, and security researchers warn of an escalation in attacks, including distributed denial-of-service (DDoS) attacks, wipers and other malicious activity.
“Iranian cyber espionage has resumed after a brief lull during the initial military strikes, and hacktivist fronts with ties to the IRGC (Islamic Revolutionary Guard Corps) are making claims and threats about disruptive attacks in the region,” John Hultquist, chief analyst, Google Threat Intelligence Group, said on Sunday.
Iran-linked groups are expected to launch attacks against U.S., Israeli and Gulf Cooperation Council member countries, with a focus on critical infrastructure providers and other targets of opportunity, Hultquist said.
CrowdStrike researchers on Saturday warned that Iran-aligned groups were already conducting reconnaissance and initiating DDoS attacks.
“These behaviors often precede more aggressive operations,” Adam Meyers, CrowdStrike’s head of counter adversary operations, told Cybersecurity Dive.
Meyers noted that, in past conflicts, Iran-backed groups have “aligned their activity with broader strategic objectives that increase pressure and visibility at targets.” These include energy, critical infrastructure, finance, telecommunications and healthcare.
Meyers on Monday said a threat actor tracked as Hydro Kitten has made specific threats targeting the financial services sector.
Security researchers report seeing DDoS and other attacks against critical infrastructure sites in multiple countries.
A group calling itself the Cyber Islamic Resistance Axis claimed credit for an attack targeting 130 remote-control systems at an Israel-based firm called Control Applications Ltd., according to researchers at Flashpoint.
The U.K. National Cyber Security Centre is urging U.K. businesses to take precautions to protect against potential hacktivist attacks.
“In light of rapidly evolving events in the Middle East, it is critical that all U.K. organisations remain alert to the potential risk of cyber compromise, particularly those with assets or supply chains that are in areas of regional tensions,” Jonathon Ellison, director of national resilience at NCSC, said in a statement.