Cyber-crime

Cybercrime has skyrocketed 245% since the start of the Iran war

Hacktivists use proxy services from Russia, China for 'billions of designed-for-abuse connection attempts'

Jessica Lyons
Mon 16 Mar 2026 // 18:40 UTC

Cybercrime has skyrocketed since the start of the Iran war, according to Akamai, which reports a 245 percent increase in everything from credential harvesting attempts to automated reconnaissance traffic aimed at banks and other critical businesses.

Banking and fintech have been the hardest hit, accounting for 40 percent of the malicious traffic since February 28, followed by e-commerce (25 percent), video games (15 percent), technology firms (10 percent), media and streaming services (7 percent), and other industries (3 percent), the CDN provider said.

Most of the internet traffic Akamai has logged thus far has been infrastructure scanning and reconnaissance efforts, with botnet-driven discovery traffic jumping 70 percent and automated recon traffic up 65 percent. The firm also reported a notable uptick in widespread scanning of infrastructure and exposed services (up 52 percent), credential harvesting attempts (45 percent), and reconnaissance ahead of distributed denial of service (DDoS) attacks (38 percent).

This includes an unnamed US financial services company that blocked 13 million packets originating from Iran over the last 90 days, with a network traffic flood exceeding 2 million packets on February 9 – in the lead-up to the military strikes – and then a couple of other spikes immediately after the conflict started.

However, not all of the malicious traffic originated from Iran. The embattled theocracy accounted for only 14 percent of the source IPs, compared to Russia (35 percent) and China (28 percent).

This doesn't necessarily mean that the threat groups carrying out the cyber activities are based in these two countries.
Both China and Russia have historically turned a blind eye toward digital-crime networks and services operating out of their countries – just as long as the attacks don't target Chinese and Russian government agencies or organizations. As Akamai notes, "geopolitically motivated hacktivists are using proxy services in countries like Russia and China as a source for billions of designed-for-abuse connection attempts."

At the beginning of March, Palo Alto Networks' Unit 42 senior manager Justin Moore told The Register that the threat-intel team has tracked an uptick in pro-Russian hacktivists. This, Moore said, is "effectively expanding the Middle East's attack surface, and potentially exposing regional infrastructure to high-disruption tactics historically used by these groups against NATO and European interests."

Some of these groups are closely tied to – or even cyber arms of – government intelligence agencies. This appears to be the case with Handala, an Iranian hacktivist crew believed to be a front for the Ministry of Intelligence and Security (MOIS), that claimed to be behind a destructive, data-wiping attack against Stryker, a global medical technology company headquartered in Kalamazoo, Michigan.

Akamai suggests that organizations that do not "conduct business in certain geographies, or if it offers a service for which it is unlikely to have legitimate users outside specific regions of the world (e.g., financial services, public utility companies, or healthcare organizations, among others)," deny all traffic from those regions.

Of course, being a CDN and security vendor, Akamai suggests organizations do this using its firewall – but this is sane advice during times of geopolitical conflict no matter whose networking and security gear you use. ®

The article reports a 245% surge in cybercrime since the onset of the Iran war, primarily driven by automated reconnaissance, credential harvesting, and DDoS preparation traffic, with hacktivists leveraging proxy services in Russia and China to obfuscate origins. Banking and fintech sectors are the most targeted, comprising 40% of the malicious activity. No specific vulnerability, CVSS score, affected software versions, patches, or technical workarounds are detailed in the provided text.