US-Israel and Iran Trade Cyberattacks: Pro-West Hacks Cause Disruption as Tehran Retaliates

Both sides conduct hacking and other attacks, including the deployment of wiper malware, DDoS, and disruptions to critical infrastructure.

By Eduard Kovacs | March 2, 2026 (6:04 AM ET)

The escalating conflict between the United States, Israel, and Iran has unfolded alongside extensive cyber operations, with reports of widespread internet disruptions, hacking of Iranian sites and apps, and infrastructure interference, while Western entities brace for potential Iranian cyberattacks.

The conflict erupted on February 28, when the United States and Israel initiated coordinated airstrikes across Iran, targeting military installations, missile facilities, nuclear sites, and high-level officials, resulting in the deaths of Supreme Leader Ali Khamenei and several other leaders.

In response, Iran launched widespread missile and drone barrages against US military bases in Persian Gulf countries, as well as direct attacks on Israel, causing limited casualties and damage to both military and civilian infrastructure.

Cyberattacks against Iran

According to Israeli and US media, cyberattacks conducted by US-Israeli forces caused widespread disruptions in Iran, including to news/propaganda websites (such as IRNA news agency), communications infrastructure used by the Islamic Revolutionary Guard Corps (IRGC), local applications, and digital government services. Attacks on IRGC command and control systems aimed to limit coordination on counterattacks.

Reports indicated that the cyberattacks against Iran included both DDoS attacks and “deep intrusions” into energy and aviation infrastructure systems in what some described as the “largest cyberattack in history”.

Pro-West hackers have also hijacked a popular prayer app, sending out push notifications informing users that “Help has arrived!”.
Internet observatory NetBlocks reported on March 2 that there has been an internet blackout in Iran for more than 48 hours, noting that lengthy blackouts are not uncommon in the country and are often triggered by the regime to hide human rights violations.

Cyberattacks from Iran

Iranian and Pro-Iran threat actors have also ramped up operations since the conflict erupted. One group claimed to have targeted air defense systems belonging to an Israeli company.

Cybersecurity company Flashpoint told SecurityWeek that Iran is conducting what hackers call ‘The Great Epic’ cyber campaign. Threat groups claim to have targeted fuel infrastructure in Jordan, and expanded operations to target industrial control systems (ICS) in Israel, claiming to have disrupted manufacturing and energy distribution systems. Others are focusing on DDoS attacks and data-wiping operations allegedly targeting US and Israeli military logistics providers.

Adam Meyers, head of counter adversary operations at CrowdStrike, said in an emailed statement that the company “is already seeing activity consistent with Iranian-aligned threat actors and hacktivist groups conducting reconnaissance and initiating DDoS attacks.”

“These behaviors often precede more aggressive operations. In past conflicts, Tehran’s cyber actors have aligned their activity with broader strategic objectives that increase pressure and visibility at targets, including energy, critical infrastructure, finance, telecommunications, and healthcare,” Meyers noted.

Sophos reported that “a hacktivist persona linked to Iran’s Ministry of Intelligence and Security (MOIS), claimed attacks in Jordan and threatened other countries in the region. This group routinely overstates their capability and impact of attacks however on occasion has been capable of executing data theft and wiper attacks.”

Caution on cyberattack impact claims

Iranian hackers are known to target ICS and other critical infrastructure. Threat actors supporting the regime have also been observed leveraging hacking in preparation for physical strikes. However, they are also known to exaggerate the impact of their cyber operations.

Both Israel and the United States have highly developed offensive cyber tools, but reports detailing the impact of cyberattacks in periods of escalation can be prone to exaggeration.

Although some accounts of disruption or damage could prove inflated upon closer examination, the demonstrated ability of state-linked actors to conduct sophisticated cyber intrusions in parallel with kinetic operations underscores a genuine and evolving threat that demands continued vigilance and preparedness.

The US cybersecurity firm SentinelOne reported immediately after the conflict started that it had “not attributed significant malicious cyber activity directly to these recent events”.

However, the company warned, “We assess with high confidence that organizations in Israel, the United States, and allied nations are likely to face direct or indirect targeting – particularly within government, critical infrastructure, defense, financial services, academic, and media sectors.”

The Wall Street Journal reported late on Saturday that the US conducted a major air attack against Iran with the aid of Anthropic AI, shortly after President Donald Trump said he was ordering all federal agencies to phase out the use of Anthropic technology after the company refused to allow unrestricted military use of its AI.
This article details an ongoing, state-sponsored cyber conflict between US-Israeli and Iranian threat actors, employing a range of attack vectors including wiper malware, DDoS attacks, and intrusions into critical infrastructure systems such as energy, aviation, and industrial control systems (ICS). Pro-West operations have targeted Iranian news agencies, government services, and military command systems, while Iranian retaliatory campaigns focus on Israeli industrial systems and US military logistics. The attacks aim to cause widespread disruption and physical damage to critical national infrastructure.