Iran-Linked Cyberattacks Escalate Following U.S.-Led Strike on Iranian Leadership
Following a U.S.-led military operation on February 24 that resulted in the assassination of Iranian Supreme Leader Ayatollah Ali Khamenei, Iran-backed hackers have intensified cyberattacks against Israel, the U.S., and Gulf nations, targeting critical infrastructure and surveillance systems.
Israeli cybersecurity firm Check Point Software reported that Iranian-linked hackers compromised two types of surveillance cameras widely used in Israel, Qatar, Bahrain, and other Middle Eastern countries, likely to assess missile-related damage. Meanwhile, Palo Alto Networks’ Unit 42 tracked dozens of pro-Iran hacktivist groups launching attacks since February 28, including disruptions to Israeli payment systems and Kuwaiti government websites.
One group, Handala linked to Iran’s Ministry of Intelligence and Security claimed responsibility for attacks on an Israeli oil and gas company and the shutdown of Jordanian gas stations. While some claims remain unverified, Jordan’s cybersecurity agency confirmed thwarting an Iranian cyberattack on wheat silo management systems.
Despite IDF strikes targeting IRGC cyber command centers, experts warn that proxy groups and ideologically aligned actors may continue operations. Lt. Gen. Charles Moore, former deputy commander of U.S. Cyber Command, stated that while the strikes will degrade Iran’s cyber capabilities, decentralized attacks by proxies including those based in Russia will likely persist. This tactic complicates attribution and response efforts.
As Alexander Leslie of Recorded Future noted, cyber operations in modern conflict no longer require physical presence in Iran, allowing attacks to continue despite military setbacks. The escalation underscores the growing role of cyber warfare in geopolitical tensions.
Source: https://www.politico.com/news/2026/03/04/israel-iran-cyber-headquarters-00813364
Israeli Ministry of Defense cybersecurity rating report: https://www.rankiteo.com/company/israelimod
"id": "ISR1774664743",
"linkid": "israelimod",
"type": "Cyber Attack",
"date": "3/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Oil and Gas',
'location': 'Israel',
'name': 'Israeli Oil and Gas Company',
'type': 'Corporation'},
{'industry': 'Energy',
'location': 'Jordan',
'name': 'Jordanian Gas Stations',
'type': 'Infrastructure'},
{'industry': 'Public Sector',
'location': 'Kuwait',
'name': 'Kuwaiti Government Websites',
'type': 'Government'},
{'industry': 'Finance',
'location': 'Israel',
'name': 'Israeli Payment Systems',
'type': 'Financial Services'},
{'industry': 'Agriculture',
'location': 'Jordan',
'name': 'Wheat Silo Management Systems',
'type': 'Infrastructure'},
{'industry': 'Security',
'location': ['Israel',
'Qatar',
'Bahrain',
'Middle Eastern Countries'],
'name': 'Surveillance Camera Networks',
'type': 'Infrastructure'}],
'attack_vector': ['Compromised Surveillance Cameras',
'Payment Systems',
'Government Websites',
'Critical Infrastructure'],
'date_detected': '2024-02-28',
'description': 'Following a U.S.-led military operation on February 24 that '
'resulted in the assassination of Iranian Supreme Leader '
'Ayatollah Ali Khamenei, Iran-backed hackers have intensified '
'cyberattacks against Israel, the U.S., and Gulf nations, '
'targeting critical infrastructure and surveillance systems. '
'Israeli cybersecurity firm Check Point Software reported that '
'Iranian-linked hackers compromised two types of surveillance '
'cameras widely used in Israel, Qatar, Bahrain, and other '
'Middle Eastern countries, likely to assess missile-related '
'damage. Meanwhile, Palo Alto Networks’ Unit 42 tracked dozens '
'of pro-Iran hacktivist groups launching attacks since '
'February 28, including disruptions to Israeli payment systems '
'and Kuwaiti government websites. One group, Handala linked to '
'Iran’s Ministry of Intelligence and Security, claimed '
'responsibility for attacks on an Israeli oil and gas company '
'and the shutdown of Jordanian gas stations. While some claims '
'remain unverified, Jordan’s cybersecurity agency confirmed '
'thwarting an Iranian cyberattack on wheat silo management '
'systems. Despite IDF strikes targeting IRGC cyber command '
'centers, experts warn that proxy groups and ideologically '
'aligned actors may continue operations.',
'impact': {'operational_impact': ['Disruption of Critical Infrastructure',
'Shutdown of Gas Stations',
'Potential Data Exfiltration'],
'systems_affected': ['Surveillance Cameras',
'Payment Systems',
'Government Websites',
'Oil and Gas Systems',
'Gas Stations',
'Wheat Silo Management Systems']},
'lessons_learned': 'Cyber operations in modern conflict no longer require '
'physical presence in Iran, allowing attacks to continue '
'despite military setbacks. The escalation underscores the '
'growing role of cyber warfare in geopolitical tensions.',
'motivation': ['Retaliation',
'Geopolitical Tensions',
'Assessment of Military Damage'],
'references': [{'source': 'Check Point Software'},
{'source': 'Palo Alto Networks’ Unit 42'},
{'source': 'Jordan’s Cybersecurity Agency'},
{'source': 'Lt. Gen. Charles Moore (Former Deputy Commander of '
'U.S. Cyber Command)'},
{'source': 'Alexander Leslie (Recorded Future)'}],
'response': {'third_party_assistance': ['Check Point Software',
'Palo Alto Networks’ Unit 42']},
'threat_actor': ['Handala (Iran’s Ministry of Intelligence and Security)',
'Pro-Iran Hacktivist Groups',
'IRGC Cyber Command'],
'title': 'Iran-Linked Cyberattacks Escalate Following U.S.-Led Strike on '
'Iranian Leadership',
'type': ['Cyber Espionage', 'Disruption', 'Hacktivism']}