Ethical Hacking News
Iran's cyberwar has begun, with Iranian hackers conducting a series of high-profile attacks on regional governments, critical infrastructure, and organizations with ties to the US and Israel. As tensions escalate, US-linked organizations should treat an attack as a "when, not an if" scenario, experts warn. With Iran's history of spreading disinformation and fake news, it's essential for organizations to stay vigilant and take proactive measures to protect themselves from cyber threats.
Iran has launched its cyber war, targeting regional governments, critical infrastructure, and US-Israeli organizations.
Digital attacks against American organizations are expected to increase, with US-linked organizations treating this as a "when, not an if" scenario.
The Iranian government spreads disinformation and fake news via social media during times of conflict, which can be misleading.
US-linked organizations with direct connections to the US military or those using Israeli-made operational technology are considered high-risk targets.
Iran has a history of mixed results with disruptive cyberattacks, but is expected to target critical infrastructure and use "disruptive cyberattacks" in the coming days and weeks.
Iran has officially launched its cyber war, a global threat that is expected to escalate in the coming days and weeks. According to recent reports, Iranian hackers have been conducting a series of high-profile attacks on regional governments, critical infrastructure, and organizations with ties to the US and Israel.
These attacks, which began as early as February, have shown varying degrees of sophistication and complexity. Mobile app security firm Approov reported that it had detected a "significant surge in highly sophisticated probing attacks against APIs and mobile applications" targeting regional governments. The company's CEO, Ted Miracco, noted that the presumed Iranian actors were scouting and gauging regional infrastructure vulnerabilities.
The probes stopped on February 27, which may be linked to the internet blackout across all of Iran at the start of the war. However, digital attacks against American organizations are now inevitable, according to threat intelligence analysts. Castellanos, a security expert at Binary Defense, warned that US-linked organizations should treat this as a "when, not an if" scenario.
The Iranian government has a history of spreading disinformation and fake news via social media posts to manipulate public opinion. This type of activity tends to get louder during times of conflict, such as the air strikes launched by the US and Israel last year, which were intended to destroy Iran's nuclear capabilities.
Castellanos urged organizations to be skeptical of such claims. "Be especially cautious about claims of attacks circulating on social media as a significant portion of what you'll see is disinformation designed to amplify fear and uncertainty," Castellanos said.
While Binary Defense hasn't seen any confirmed targeting of US organizations at this point in the conflict, the threat posture strongly suggests that US-linked organizations should be treating this as a high-risk scenario. The organizations that are considered highest risk include those with direct connections to the US military, such as defense contractors and government suppliers.
Similarly, organizations with ties to Israel through partnerships, subsidiaries, or shared infrastructure should also be on heightened alert. "Companies using Israeli-made operational technology or industrial equipment could become indirect targets," Castellanos said.
In 2023, Iran's CyberAv3ngers carried out intrusions across multiple US water systems, relying on default passwords for internet-accessible programmable logic controllers. In a second round of attacks in 2024, the Islamic Revolutionary Guard Corps-linked crew used custom malware to remotely control US- and Israel-based water and fuel management systems.
However, aside from posting videos bragging about the intrusions on their Telegram sites, the attackers didn't really do anything with the access they gained to these critical systems. "Iran has historically had mixed results with disruptive cyberattacks, and they frequently fabricate and exaggerate their effects in an effort to boost their psychological impact," said John Hultquist, Google Threat Intelligence Group chief analyst.
Despite this, Hultquist does expect Iran to target US, Israel, and Gulf Cooperation Council countries using "disruptive cyberattacks, focusing on targets of opportunity and critical infrastructure." These attacks will likely resemble Iran's cyber operations during the Israel-Hamas war, with intel-gathering, limited disruption, and mass phishing campaigns ongoing before the bombing began, followed by data-wiping malware and other disruptive attacks to aid kinetic warfighters.
"And while Google documented a 'brief lull' in Iranian cyberespionage during the initial military strikes, the digital snoops have already resumed their activities," Hultquist added. Plus "hacktivist fronts with ties to the IRGC are making claims and threats about disruptive attacks in the region."
As the war continues, organizations can expect elevated activity for the foreseeable future. According to Castellanos, organizations should ensure all critical systems are fully patched and use this moment to reinforce security awareness training with staff.
Published: Mon Mar 2 15:26:27 2026 by llama3.2 3B Q4_K_M