Cyber and electronic-warfare activity escalates amid US–Israeli strikes on Iran
Regional conflict following U.S.–Israeli strikes on Iran has been accompanied by heightened cyber and electronic-warfare activity affecting both military operations and civilian infrastructure. U.S. officials publicly acknowledged that U.S. Cyber Command, alongside space capabilities, conducted “non-kinetic” operations to disrupt Iranian communications and sensor networks in support of Operation Epic Fury, describing effects intended to degrade Iran’s ability to coordinate and respond; reporting also noted follow-on hack-and-leak style activity against Iranian-facing online properties (e.g., news sites and an app) and warned of potential retaliatory cyber activity by Iranian-aligned actors.
In parallel, maritime intelligence reporting described a sharp increase in GPS/AIS disruption (jamming/spoofing) impacting shipping around the Strait of Hormuz, with vessels appearing in false locations and maritime authorities warning of elevated risk to navigation and safety. Iran’s domestic crypto ecosystem also showed signs of stress consistent with conflict conditions and connectivity constraints: observers reported internet outages, exchanges moving into risk-containment modes (e.g., batching/suspending withdrawals), and temporary restrictions on the USDT–toman trading pair under central bank direction—collectively reducing liquidity and market activity rather than clearly indicating capital flight. Separate reporting on Pakistan’s TV broadcast hijacks and a DDoS incident affecting Russian government sites appear unrelated to the Iran conflict-driven activity described above.
Timeline
Mar 2, 2026
Iranian media claims foreign network gear failed during nuclear-site strikes
On or before 2026-03-02, Iranian state media reported that Cisco, Juniper, MikroTik, and Fortinet equipment malfunctioned or disconnected during U.S. strikes on Iranian nuclear facilities. The report suggested possible hidden backdoors, implanted malware, malicious packet delivery, or supply-chain tampering as explanations for the failures.
Mar 2, 2026
US publicly acknowledges Cyber Command's role in the campaign
On March 2, 2026, Joint Chiefs Chairman Gen. Dan Caine publicly described Cyber Command and Space Command as 'first movers' in the operation against Iran. The remarks were characterized as the clearest public acknowledgement so far of Cyber Command's role in the second Trump administration's major military operations.
Mar 2, 2026
Jordan says it thwarted an Iranian cyberattack on wheat storage
Jordan reported blocking an Iranian cyberattack that targeted its wheat storage systems during the regional escalation. The disclosure highlighted spillover cyber activity beyond the immediate U.S.-Iran-Israel conflict.
Feb 28, 2026
Israeli-linked hacks target Iranian websites and app
After the attacks began, apparent Israeli digital operations defaced Iranian news websites and a religious calendar app with messages encouraging defections and resistance. The activity was described as part of the broader pressure campaign accompanying military strikes.
Feb 28, 2026
US Cyber Command and Space Command disrupt Iranian networks
As part of the U.S.-Israeli campaign, U.S. Cyber Command and U.S. Space Command conducted coordinated cyber and space operations against Iranian communications and sensor networks. According to Gen. Dan Caine, these non-kinetic actions degraded Iran's ability to detect, coordinate, and respond ahead of kinetic strikes.
Feb 28, 2026
GPS and AIS interference surges across Gulf shipping lanes
Since February 28, more than 1,100 ships across Iranian, UAE, Qatari, and Omani waters experienced GPS or AIS disruption, with some vessels falsely appearing inland on tracking maps. Windward identified about 21 new AIS jamming clusters, and shipping through the Strait of Hormuz nearly halted amid the interference.
Feb 28, 2026
Iranian exchanges temporarily halt USDT-toman trading
Under direction from Iran's Central Bank, multiple Iranian exchanges temporarily suspended the USDT-toman trading pair to slow fiat repricing during peak volatility. When trading resumed, thin order books and brief price dislocations were observed.
Feb 28, 2026
Iran's internet connectivity collapses and crypto activity drops
Following the February 28 strikes, internet connectivity in Iran fell by roughly 99%, and domestic crypto transaction volume dropped by about 80% between February 27 and March 1. Major exchanges stayed online but reduced withdrawals, thinned liquidity, and issued user risk guidance.
Feb 28, 2026
New Persian-language numbers station V32 begins broadcasting
About 12 hours after U.S. and Israeli strikes on Iran began, a new Persian-language numbers station designated V32 reportedly started transmitting nearly twice daily. The broadcasts used a classic covert-communications format, with a male voice reading random numbers after repeating the Persian word "tavajjoh" three times.
Feb 28, 2026
US and Israeli strikes on Iran begin
On February 28, 2026, the United States and Israel initiated strikes on Iran, marking the start of a broader military campaign that coincided with cyber, electronic, and economic disruption across the region.
Jun 1, 2025
Israel-Iran missile exchanges trigger major GPS jamming in the Gulf
During missile exchanges between Israel and Iran in June 2025, significant GPS interference was reported in the Gulf region, establishing a prior pattern of wartime navigation disruption affecting maritime traffic.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Malware
Organizations
Affected Products
Sources
4 more from sources like sdxcentral cybersecurity, the record media, trm labs blog and wired com security
Related Stories
Cyber and information operations intensify amid US-Israel strikes on Iran under “Operation Epic Fury”
US and Israeli military action against Iran under **“Operation Epic Fury”** has been accompanied by heightened cyber activity and public acknowledgment of offensive cyber operations. Reporting indicated a surge of pro-Iranian activity including **DDoS attacks**, attempted compromises, and targeting of **critical infrastructure**, with researchers warning that Iranian state-linked actors tied to the **IRGC** and **MOIS**, as well as aligned hacktivists, are likely to sustain retaliatory operations aimed at economic, reputational, and potentially physical disruption. Separately, reporting alleged Israeli intelligence conducted long-running surveillance by compromising **Tehran traffic cameras**, exfiltrating encrypted video and telemetry to servers outside Iran to build “pattern of life” intelligence on senior leadership movements. The Pentagon also elevated the visibility of cyber as a warfighting domain, with the Chairman of the Joint Chiefs describing coordinated **space and cyber** effects used to “disrupt, degrade, and blind” Iranian communications and sensor networks, though without operational detail. In parallel but unrelated to the Iran conflict, Russia’s internet regulator **Roskomnadzor** and the Russian Defense Ministry reported a “complex multi-vector” **DDoS** incident that temporarily disrupted multiple government sites, with traffic attributed to botnets and servers across several countries and continued user-reported instability after initial containment.
1 months ago
Cyber Operations Escalate Following US-Israeli Strikes on Iran
Military strikes by the United States and Israel against Iranian targets on **February 28, 2026** were followed within hours by a sharp escalation in cyber activity across the Middle East. Reporting describes widespread **DDoS attacks, website compromises, defacements, and breach claims**, with more than 150 hacktivist incidents reportedly claimed in the first two days of the crisis. Iranian connectivity was heavily disrupted, including outages affecting **IRNA**, while **Tasnim News** was reportedly compromised and displayed anti-regime messaging. The most affected sectors were identified as **government, aerospace and defense, and technology**, and regional states including **Israel, Kuwait, Jordan, Bahrain, Qatar, and the UAE** saw elevated cyber pressure. The surge also expanded beyond immediate regional targets, with security reporting warning that the conflict was driving attacks against global commercial sectors such as **travel, hospitality, and energy**. One cited example was a **March 11** claim by **Handala**, a hacktivist group alleged to have ties to Iranian intelligence, that it had conducted a large-scale **data-wiping attack** against medical technology company **Stryker**, allegedly destroying several terabytes of data. Additional reporting noted unconfirmed concerns that Iranian-linked actors could target the physical and digital infrastructure of major U.S. technology firms. The activity reflects a broader pattern of **geopolitically motivated cyber operations** acting as a force multiplier alongside kinetic conflict, rather than a standalone marketing or advisory narrative.
2 weeks ago
Iran–Israel–US conflict triggers rapid hacktivist mobilization and elevated DDoS risk to government and critical infrastructure
Cyber activity surged immediately following joint **U.S.–Israel strikes on Iran** (described as *Operation Epic Fury*), with reporting indicating a fast-moving “cyber swarm” of hacktivists and aligned collectives conducting disruption, influence messaging, and broad cyber claim activity within hours of the kinetic events. A day-by-day Telegram-focused timeline described early **DDoS campaigns against Israeli government sites** expanding into a wider coalition of **pro-Iranian, pro-Palestinian, and Russian-aligned** groups targeting additional regions and sectors, including Gulf states, Europe, and the U.S., with increasing attention on **critical infrastructure**; examples cited include claims of DDoS disruption against Israeli commercial, defense-adjacent, and energy-related entities (e.g., an oil company and an advanced defense firm), sometimes accompanied by third-party availability “verification” links. U.S. state and local governments were separately warned by **MS-ISAC** to expect heightened “low-level” activity—particularly **DDoS**—in the wake of the Iran-related escalation, and were urged to harden internet-facing and cloud services (e.g., remediation of critical/cloud infrastructure, use of firewalls/CDNs, and reducing exposed employee/organizational data). In parallel, a critical-infrastructure-focused interview tied to an upcoming OT security summit reiterated that energy, water, pipeline, and ICS environments face persistent probing by state adversaries and that “low-cost entry” cyber operations can be used to test and disrupt mission-critical systems; while not specific to the Iran conflict, it reinforces the broader risk context for OT operators amid heightened geopolitical tensions.
1 weeks ago