Pro-Russia threat actors have formed a loose coalition with Iran-nexus hacking groups in response to the bombing campaign launched by the U.S. and Israel on Iran.
The groups began working together Monday under the #OpIsrael campaign, with a focus on targeting critical infrastructure and exfiltration of data, according to researchers at Flashpoint.
A group called the Cyber Islamic Resistance, working with NoName057(16), targeted an Israeli defense contractor along with multiple municipal governments in a large-scale distributed denial of service attack, Flashpoint said.
Cyber Islamic Resistance also claimed credit for the breach of an Israeli health insurance provider, and leaked CCTV footage to back up the claim, researchers said.
A group called FAD Team has claimed credit for an SQL injection attack and leaked data from several organizations, including a small town in Pennsylvania, educational institutions in France, Vietnam and India, and a virtual U.S. Air Force group, say Flashpoint researchers.
Researchers at Palo Alto Networks Unit 42 estimate that about 60 threat actors, including Iran-nexus and Russia-aligned groups, might have been involved in various levels of hacking activity since the bombing campaign began.
Handala Hack, a group linked to Iran’s Ministry of Intelligence and Security, has claimed credit for the compromise of an Israeli energy company as well as gas stations in Jordan, according to Unit 42 researchers.
Researchers caution that the ability of state-linked activists to coordinate attacks has been limited due to a major loss of internet connectivity in Iran in recent days, with connectivity running at less than 4% of capacity.
As a result, many of the attacks linked to state actors are opportunistic in nature and deviate from established patterns, say Unit 42 researchers.
“The technical impact remains relatively limited for now, but the trend is clearly escalating, with attack volumes rising above normal baselines and attempts to recruit hackers globally to support operations,” says Gil Messing, chief of staff at Check Point Software Technologies, an Israel-based cybersecurity firm.
U.S. officials told Cybersecurity Dive they are actively monitoring for threats against the homeland, both physical and digital.
Security leaders in key U.S. sectors are also paying close attention to the threat.
“Health-ISAC is very focused on the current U.S.-Iran tensions and the potential cyber fallout for healthcare and public health,” Errol Weiss, chief security officer at Health-ISAC, told Cybersecurity Dive. “We are closely monitoring the situation, but at this time we have not received any specific or credible, sector-wide cyber threat warnings tied directly to this latest incident.”
Analysts at the Foundation for Defense of Democracies, a Washington-based think tank focusing on national security, agreed that Iran-backed hackers are currently struggling to develop a meaningful response to the bombing campaign.
However, they caution that critical infrastructure in the U.S. remains at risk, noting the historical capabilities of Iran-linked groups and the limited capacity of many U.S. organizations to secure their own networks.
“Because infrastructure in many essential sectors is owned and operated by small companies with limited cybersecurity resources and tooling, Iran may find limited but highly visible successes in the coming days against these operators, similar to what we saw in the fall of 2023 with the attacks on small U.S. water systems,” said Annie Fixler, director of the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies.