Cyble Research & Intelligence Labs (CRIL) has reported a sharp rise in cyber activity across the Middle East, where cyberattacks are increasingly being deployed alongside military operations. According to the latest findings, a mix of state-sponsored actors, hacktivist groups, and cybercriminals is actively targeting government entities, energy infrastructure, financial systems, and communication networks.
This underscores a significant shift in modern conflict, where digital operations are now a core component of warfare. As tensions intensify, cyber campaigns are being used not only to disrupt critical services but also to shape public narratives and apply strategic pressure on adversaries. CRIL notes that the conflict entered a heightened phase on February 28, 2026, following escalations involving Iran, the United States, and Israel. Military actions targeting Iranian nuclear and defense facilities were accompanied by coordinated cyber operations aimed at disrupting internet services, government platforms, and media channels.
This blend of kinetic and cyber tactics reflects the growing importance of cyber warfare in regional conflicts. Initial attack waves focused primarily on disruption, including distributed denial-of-service (DDoS) attacks, website defacements, credential harvesting, and disinformation campaigns. More than 70 hacktivist groups have reportedly participated in online operations tied to the conflict. Researchers also identified a malicious mobile application masquerading as an Israeli missile alert system, which instead harvested user data, demonstrating the increasing use of social engineering in cyber campaigns. CRIL highlights that Iran continues to maintain a strong and active cyber ecosystem. Advanced persistent threat (APT) groups such as Charming Kitten (APT35), APT33, MuddyWater, OilRig, and Pioneer Kitten have been linked to espionage and targeted infrastructure attacks.
These groups typically focus on critical sectors such as aviation, telecommunications, government systems, and energy infrastructure, making them central players in the evolving cyber conflict landscape. At the same time, pro-Iranian hacktivist collectives including CyberAv3ngers, Handala, Team 313, and DieNet have carried out DDoS attacks, attempted intrusions into industrial control systems, and released stolen data. Analysts warn that collaboration between hacktivist groups across regions could further amplify the scale and reach of these operations. While early cyber operations were largely aimed at disruption rather than destruction, several incidents have had immediate real-world consequences.
One major cyber event reportedly led to a near-complete internet outage in Iran, significantly reducing national connectivity. Concurrently, Iranian-linked actors launched spear-phishing and ransomware-style campaigns targeting key sectors such as energy, aviation, finance, and government institutions. Cyber interference has also extended to maritime operations. Disruptions near the Strait of Hormuz affected navigation systems for more than 1,100 vessels, raising concerns about the stability of global oil and gas supply chains. These developments highlight how cyber warfare can directly influence international trade and logistics. Beyond state and hacktivist operations, cybercriminal groups are exploiting the situation to launch opportunistic attacks. CRIL identified over 8,000 newly registered domains linked to the conflict, many of which are likely to be used for phishing or malware distribution.
Observed campaigns include fake missile alert notifications delivering malicious payloads, phishing websites impersonating official government services, and fraudulent donation platforms claiming to support affected populations. Some actors have also leveraged the crisis to promote cryptocurrency-related scams. These trends demonstrate how geopolitical instability creates fertile ground for cybercriminal exploitation. The growing intensity of cyber warfare in the Middle East highlights the urgent need for stronger cybersecurity measures across industries. Critical infrastructure providers, financial institutions, and logistics networks remain prime targets due to their potential for widespread disruption.
Organizations are advised to adopt multi-factor authentication, ensure timely patching of vulnerabilities, implement continuous monitoring, and enhance incident response strategies. Increased supply chain visibility and collaboration with threat intelligence providers are also becoming essential as cyber threats evolve alongside geopolitical conflicts. CRIL continues to monitor the situation closely, tracking threat actor activity and emerging tactics across the region. Cyble also encourages organizations to leverage its threat intelligence platform to better understand and respond to the rapidly changing cyber threat landscape.


