Ethical Hacking News
A surge in hacktivist activity has been reported, with several groups claiming responsibility for breaching military networks, including Israel's Iron Dome missile defense system. The latest wave of attacks, which began after the U.S.-Israel coordinated military campaign against Iran, codenamed Epic Fury and Roaring Lion, has left cybersecurity experts on high alert.
The hackers, who are believed to be primarily pro-Russian and pro-Iranian in nature, have been using a variety of tactics, including distributed denial-of-service (DDoS) attacks, data breaches, and malware. The attacks, which have targeted over 110 organizations across 16 countries, have caused significant disruption to critical infrastructure, including energy networks, government entities, and financial services.
The rise of hacktivist activity in recent days has been attributed to several factors, including the ongoing conflict in the Middle East and the increasing sophistication of these groups' tactics. The use of DDoS attacks, data breaches, and malware has made it increasingly difficult for organizations to defend themselves against these types of threats.
In response to this growing threat, cybersecurity experts are urging organizations to take immediate action to protect themselves. This includes activating continuous monitoring, updating threat intelligence signatures, reducing the external attack surface, conducting comprehensive exposure reviews of connected assets, validating proper segmentation between information technology (IT) and operational technology (OT) networks, and ensuring proper isolation of IoT devices.
The consequences of inaction can be severe, with significant disruptions to critical infrastructure, data breaches, and even physical harm to individuals. As the global cyber threat landscape continues to expand, it is essential that organizations take a proactive approach to protecting themselves against these types of threats.
Hacktivist groups have been reported to have breached military networks, including Israel's Iron Dome missile defense system. The attacks are believed to be primarily pro-Russian and pro-Iranian in nature, using tactics such as DDoS attacks, data breaches, and malware. A shadowy Tunisian group called Hider Nex is a notable culprit, using a hack-and-leak strategy to advance its geopolitical agenda. The majority of attack activity is concentrated in Kuwait, Israel, and Jordan, targeting public infrastructure and government entities. The rise of hacktivist activity is attributed to the ongoing conflict in the Middle East and the increasing sophistication of these groups' tactics. Cybersecurity experts urge organizations to take immediate action to protect themselves, including activating continuous monitoring and updating threat intelligence signatures. An Iranian state-sponsored hacking group known as UNC1549 is also identified as a key player in the recent surge of hacktivist activity. The use of AI-powered threats is becoming increasingly common, with several groups using machine learning algorithms to launch targeted attacks against organizations. Organizations must prioritize their cybersecurity posture and take proactive steps to protect themselves against these types of threats.
One of the most notable groups responsible for these attacks is Hider Nex, a shadowy Tunisian hacktivist group that supports pro-Palestinian causes. According to Orange Cyberdefense, Hider Nex has been using a hack-and-leak strategy, combining DDoS attacks with data breaches to leak sensitive information and advance its geopolitical agenda.
The group emerged in mid-2025 and has since become increasingly active, launching multiple attacks against organizations in the Middle East and beyond. Attack activity overall has been characterized as highly lopsided, with two groups, Keymous+ and DieNet, driving nearly 70% of all attack activity between February 28 and March 2.
The distribution of attacks within the region was heavily concentrated in three specific nations: Kuwait, Israel, and Jordan, with Kuwait accounting for 28%, Israel for 27.1%, and Jordan for 21.5% of the total attack claims. This suggests that the hackers are targeting public infrastructure and state-level targets, with a particular focus on critical infrastructure and government entities.
The Iranian state-sponsored hacking group known as UNC1549 (aka GalaxyGato, Nimbus Manticore, or Subtle Snail) has also been identified as a key player in the recent surge of hacktivist activity. According to Nozomi Networks, this group has been focusing its attacks on defense, aerospace, telecommunications, and regional government entities, with the aim of advancing Iran's geopolitical priorities.
The use of AI-powered threats is becoming increasingly common, with several groups now using machine learning algorithms to launch targeted attacks against organizations. The recent PromptSpy Android malware, which abuses Gemini AI to automate recent-apps persistence, is a prime example of this trend.
As the threat landscape continues to evolve, it is essential that organizations prioritize their cybersecurity posture and take proactive steps to protect themselves against these types of threats. This includes staying informed about emerging threats, conducting regular vulnerability assessments, and implementing robust incident response plans.
In conclusion, the recent surge in hacktivist activity represents a growing concern for cybersecurity experts worldwide. The use of DDoS attacks, data breaches, and malware has made it increasingly difficult for organizations to defend themselves against these types of threats. As the threat landscape continues to evolve, it is essential that organizations prioritize their cybersecurity posture and take proactive steps to protect themselves against these types of threats.
Published: Wed Mar 4 12:30:21 2026 by llama3.2 3B Q4_K_M