Cyble Research & Intelligence Labs (CRIL) has identified a growing surge in Middle East cyber warfare, as cyberattacks increasingly accompany military operations across the region. The latest intelligence shows that state-backed groups, hacktivists, and cybercriminals are actively targeting government systems, energy infrastructure, financial institutions, and communication networks.
The findings highlight how modern conflicts now extend beyond physical battlefields. As geopolitical tensions escalate, Middle East cyber warfare is emerging as a key front where cyber operations are used to disrupt services, influence public perception, and pressure adversaries.
Hybrid Operations Driving Middle East Cyber Warfare
According to CRIL, the conflict entered a more aggressive phase on February 28, 2026, after an escalation involving Iran, the United States, and Israel. Military strikes targeting Iranian nuclear and military infrastructure were accompanied by cyber operations aimed at disrupting internet connectivity, government services, and media networks.
This combination of traditional warfare with cyber operations reflects the growing role of Middle East cyber warfare in modern conflicts. Early cyber campaigns focused on disruption, including distributed denial-of-service (DDoS) attacks, website defacements, credential theft attempts, and disinformation operations.
More than 70 hacktivist groups launched online campaigns linked to the conflict. Researchers also identified a malicious application disguised as an Israeli missile alert app. The app collected user data instead of providing warnings, highlighting how cyber operations are increasingly using social engineering tactics.
Iranian Cyber Groups and Hacktivists Remain Active
CRIL researchers say Iran continues to maintain strong cyber capabilities. Known threat groups such as Charming Kitten (APT35), APT33, MuddyWater, OilRig, and Pioneer Kitten have been linked to espionage operations and infrastructure targeting campaigns.
These groups typically focus on sectors including aviation, telecommunications, government networks, and energy systems. Their activities form a major part of the current Middle East cyber warfare landscape.
In parallel, Iranian-aligned hacktivist groups such as CyberAv3ngers, Handala, Team 313, and DieNet have launched DDoS attacks, attempted industrial control system intrusions, and leaked stolen data. Security analysts believe cooperation between hacktivist groups across regions could further expand cyber operations linked to the conflict.
Infrastructure and Maritime Systems at Risk
CRIL notes that the first wave of cyber activity focused mainly on disruption rather than destructive attacks. However, some incidents had immediate operational impact.
One major cyber operation reportedly caused a near-total internet blackout in Iran, with connectivity dropping to minimal levels. At the same time, Iranian-linked actors launched spear-phishing campaigns and ransomware-style attacks targeting energy companies, airports, financial institutions, and government agencies.
Cyber interference has also affected maritime systems. Navigation disruptions near the Strait of Hormuz reportedly impacted more than 1,100 ships, raising concerns about risks to global oil and gas transportation routes. These incidents demonstrate how Middle East cyber warfare can affect international trade and logistics networks.
Cybercriminals Exploiting the Conflict
CRIL researchers have also observed cybercriminal groups using the conflict as a lure for scams and malware campaigns. More than 8,000 new domains related to the crisis have been registered, many of which may later be used for phishing operations.
Identified campaigns include fake missile strike reports delivering malware, phishing portals impersonating government services, and fraudulent donation websites claiming to support victims of the conflict. Some attackers have also promoted cryptocurrency schemes tied to the war narrative.
These activities show how geopolitical crises create opportunities for cybercriminals to launch attacks while public attention is focused elsewhere.
Strengthening Defenses Against Middle East Cyber Warfare
The expansion of Middle East cyber warfare highlights the importance of strengthening cyber defenses across industries. Critical infrastructure operators, financial institutions, and logistics companies remain key targets because disruptions in these sectors can have widespread impact.
Organizations are advised to enforce multi-factor authentication, patch vulnerabilities, monitor networks continuously, and improve incident response readiness. Supply chain visibility and collaboration with threat intelligence partners are also becoming essential as cyber operations increasingly accompany geopolitical conflicts.
CRIL continues to track developments in the region and monitor threat actor activity linked to the growing wave of Middle East cyber warfare.
Organizations looking to understand these threats in more detail can explore Cyble’s threat intelligence capabilities.
Cyble also offers a platform demonstration to show how security teams can detect and respond to emerging cyber threats more effectively.
