124/69 Wednesday, March 4, 2026

Following the military operations Epic Fury by the United States and Roaring Lion by Israel on February 28, 2026, which targeted critical Iranian infrastructure and communications systems, cybersecurity experts from organizations such as CrowdStrike and Palo Alto Networks have reported a notable increase in activity from pro-Iranian hacktivist groups. However, contrary to earlier expectations, Iranian state-sponsored cyber units have not yet launched large-scale retaliatory cyber operations. Analysts believe this may be due to widespread internet disruptions within Iran, now entering their fourth day, and damage to command-and-control infrastructure, which has temporarily reduced the country’s capacity to conduct advanced cyber operations.
At present, various hacker groups are attempting to generate attention through social media and underground forums, claiming successful intrusions into critical infrastructure such as industrial control systems (ICS) and food supply facilities. However, experts from Flashpoint and Sophos note that most of these claims lack credible evidence and are likely exaggerated. Many incidents appear to be relatively low-level attacks intended to create panic, including distributed denial-of-service (DDoS) attacks and website defacements. These tactics are commonly used during geopolitical conflicts to attract media attention and public interest, while the actual impact on critical systems remains limited to low or moderate levels.
Despite the limited confirmed damage, the overall situation remains high-risk. Hacker alliances supporting Iran and Russia have reportedly initiated an operation dubbed “OpIsrael,” targeting government agencies, financial institutions, and healthcare providers in multiple countries. These campaigns may involve the deployment of infostealer malware and social engineering techniques to broaden the scope of attacks. As a result, the National Cyber Security Centre (NCSC) in the United Kingdom, along with global cybersecurity experts, has issued warnings urging organizations across all sectors to review defensive measures and strengthen monitoring. Even if state-sponsored actors remain relatively quiet for now, opportunistic cybercriminals may exploit the ongoing conflict to launch attacks for financial or strategic gain.
