Mapping Hacktivist Cyber Operations in the Iran–Israel–US Geopolitical Conflict

BLOG MARCH 11, 2026 Threat Intelligence MAPPING HACKTIVIST CYBER OPERATIONS IN THE IRAN–ISRAEL–US GEOPOLITICAL CONFLICT IN THIS ARTICLE Executive Summary Overview of Reported Cyber Operations Reported Hacktivist Cyber Operations Global Cyber Campaign Call by Cyber Jihad Movement Database Breach Claim Targeting Iranian E-Commerce Platform DDoS Campaign Targeting Israeli Government and Financial Platforms Cyber Attacks Targeting Bahraini Government and Media Platforms Alleged Data Leak of Israeli Personal and Government Records DDoS Attacks Targeting Israeli Organizations Website Defacement Targeting Israeli Website Defacement of Israeli Law Firm Website Cyber Attacks Targeting Qatari Companies Cyber Attacks Against Qatari Government Platforms Threats Against Azerbaijani Government Platforms Cyber Attacks Targeting Bahraini Government Websites Strategic Implications Conclusion Executive Summary The escalation of geopolitical tensions involving Iran, Israel, and the United States has been accompanied by a surge in hacktivist cyber operations targeting government institutions, financial platforms, infrastructure organizations, and private companies across multiple regions. Several ideologically aligned cyber groups have publicly claimed responsibility for disruptive attacks including Distributed Denial of Service (DDoS) campaigns, website defacements, and data leaks. Many of these operations have been announced through messaging platforms and underground forums where attackers publish monitoring links, screenshots, and alleged proof of compromise. While several claims remain unverified, the scale and frequency of announcements indicate a coordinated wave of hacktivist activity attempting to influence the cyber domain during the ongoing geopolitical conflict. Most of the reported operations focus on Israeli organizations and countries perceived as political allies, including Bahrain, Qatar, and Azerbaijan. However, isolated incidents also indicate cyber activity targeting Iranian entities, highlighting the multidirectional nature of cyber operations during geopolitical conflicts. Overview of Reported Cyber Operations The following table summarizes the hacktivist operations linked to the ongoing geopolitical tensions involving Iran, Israel, and Western allies. The incidents were primarily announced through messaging platforms and underground forums where threat actors shared claims of responsibility and alleged proof-of-compromise. Hacktivist Actor Claimed Affiliation Victim Country Target Type Activity Cyber Jihad Movement Iran-aligned US, Israel, India, Pakistan, Arab states Government & Financial Public call for global cyber attacks Anonymous Syria Hackers Israel-aligned Iran E-commerce Platform Database breach claim DarkStorm Team Pro-Iran hacktivist Israel Government & Financial DDoS attacks Hider_Nex Iran-aligned Bahrain Government & Energy Website disruptions 404 Crew Cyber Team Pro-Iran hacktivist Israel Government & Personal Data Data leak Nation of Saviors Alliance Pro-Iran hacktivist Israel Telecom & Private Sector DDoS attacks Z-BL4CX-H4T Hacktivist actor Israel Website Defacement Cyb3r Drag0nz Kurdish Kurdish hacktivist group Israel Legal sector Website defacement Cyb3r Drag0nz Kurdish Kurdish hacktivist group Qatar Private companies Defacement & alleged data leak DieNet Pro-Iran hacktivist Qatar Government portals DDoS attacks DieNet Pro-Iran hacktivist Azerbaijan Government Threat announcement 313 Team Islamic Cyber Resistance Bahrain Government portals DDoS attacks Key Observations Israel is the most frequently targeted country in the reported campaigns. Government and public-sector infrastructure appear to be the primary targets. DDoS attacks remain the most commonly claimed attack method. Several campaigns extend beyond Israel to regional allies including Bahrain, Qatar, and Azerbaijan, indicating potential cyber spillover. Reported Hacktivist Cyber Operations Global Cyber Campaign Call by Cyber Jihad Movement Attacker (Claimed Affiliation): Iran-aligned hacktivist collective – Cyber Jihad Movement Victim Countries: United States, Israel, Pakistan, India, and allied Arab governments Activity: Public call for coordinated cyber attacks The group released a public message encouraging supporters to participate in cyber attacks targeting government institutions, financial organizations, and businesses across multiple countries. The statement framed the campaign as part of a broader ideological cyber initiative against Western and allied governments. While the announcement itself does not confirm operational activity, such calls often serve as catalysts for hacktivist campaigns coordinated across multiple actor groups.   Database Breach Claim Targeting Iranian E-Commerce Platform Attacker: Anonymous Syria Hackers Victim Country: Iran Activity: Alleged database breach and data leak The hacktivist group claimed to have compromised the database of an Iranian e-commerce website. According to the announcement, the dataset allegedly contains user account information including email addresses and login credentials with passwords hashed using bcrypt. The group later posted the dataset on a darknet forum where users were required to interact with the post to unlock the download link. DDoS Campaign Targeting Israeli Government and Financial Platforms Attacker (Claimed Affiliation): Pro-Iran hacktivist collective – DarkStorm Team Victim Country: Israel Activity: Distributed Denial of Service attacks against government and financial services The group claimed responsibility for launching DDoS attacks against multiple Israeli organizations including the Prime Minister’s Office, government ministries, and financial platform MAX. Monitoring links shared by the group suggested temporary service disruptions affecting several websites. Cyber Attacks Targeting Bahraini Government and Media Platforms Attacker (Claimed Affiliation): Iran-aligned hacktivist actor – Hider_Nex Victim Country: Bahrain Activity: Website disruptions targeting government and media platforms The group claimed attacks against several Bahraini organizations including the Telecommunications Regulatory Authority, Tatweer Petroleum, and the Bahrain News Agency. Screenshots shared by the attackers suggested temporary outages affecting targeted websites. Alleged Data Leak of Israeli Personal and Government Records Attacker (Claimed Affiliation): Pro-Iran hacktivist collective – 404 Crew Cyber Team Victim Country: Israel Activity: Data leak associated with the #OpIsrael cyber campaign The group claimed to have leaked Israeli personal documents including passports and birth certificates belonging to approximately 120 individuals. The dataset allegedly also includes information associated with Israeli government entities, including the Ministry of Defense. The files were reportedly distributed through downloadable archives and torrent links. DDoS Attacks Targeting Israeli Organizations Attacker (Claimed Affiliation): Nation of Saviors Alliance Victim Country: Israel Activity: Distributed Denial of Service attacks targeting private sector and telecommunications platforms The group claimed cyber attacks targeting organizations including Bezeq Communications, SEKO Logistics, the Israel Deaf Sports Organization, and the Association of Americans and Canadians in Israel (AACI). Monitoring screenshots suggested temporary disruptions affecting several websites. Website Defacement Targeting Israeli Website Attacker: Z-BL4CX-H4T Victim Country: Israel Activity: Website defacement and propaganda messaging The threat actor claimed responsibility for defacing an Israeli website by replacing the homepage with political messaging and symbolic imagery associated with pro-Palestinian cyber campaigns. The announcement also referenced several affiliated hacktivist groups. Defacement of Israeli Law Firm Website Attacker (Claimed Affiliation): Cyb3r Drag0nz Kurdish Victim Country: Israel Activity: Website defacement The group claimed to have compromised and defaced the website of an Israeli law firm. The attackers replaced the webpage with messaging supporting pro-Palestinian cyber operations and referenced several allied hacktivist groups. Cyber Attacks Targeting Qatari Companies Attacker (Claimed Affiliation): Cyb3r Drag0nz Kurdish Victim Country: Qatar Activity: Website defacement and alleged data leak The group announced cyber attacks targeting companies including Seedeco and the Al Emadi Group of Companies. The attackers claimed to have defaced websites and released company-related data through download links shared on their Telegram channel. Cyber Attacks Against Qatari Government Platforms Attacker (Claimed Affiliation): DieNet Victim Country: Qatar Activity: Distributed Denial of Service attacks targeting government websites The group claimed cyber attacks against multiple government platforms including the Ministry of Interior, Ministry of Labor, the Hukoomi eGovernment portal, and the General Authority of Customs. The attackers stated that the campaign caused temporary disruptions across several services. Threats Against Azerbaijani Government Platforms Attacker (Claimed Affiliation): DieNet Victim Country: Azerbaijan Activity: Threat announcement for upcoming cyber attacks The group publicly announced plans to target Azerbaijani government websites in response to Azerbaijan’s cooperation with Israel and the United States in military and intelligence matters. Cyber Attacks Targeting Bahraini Government Websites Attacker (Claimed Affiliation): 313 Team – Islamic Cyber Resistance in Iraq Victim Country: Bahrain Activity: Distributed Denial of Service attacks against government portals. The group claimed cyber attacks targeting several Bahraini government platforms including the Prime Minister’s Office and the Ministry of Foreign Affairs. The campaign allegedly caused service disruptions across several official websites. Strategic Implications The observed cyber activity highlights how hacktivist groups increasingly participate in geopolitical conflicts through disruptive cyber operations. These actors often operate as loosely coordinated cyber collectives, leveraging messaging platforms to mobilize supporters and publicize claimed attacks. Although many of the reported incidents appear to involve low to moderate technical sophistication, their cumulative impact can still generate service disruptions, reputational damage, and geopolitical signaling. The broad geographic scope of targeting also demonstrates the growing risk of cyber spillover during regional conflicts. Conclusion The cyber campaigns linked to the Iran–Israel–US geopolitical tensions illustrate how modern conflicts increasingly extend into the digital domain. Hacktivist collectives have emerged as visible participants in these campaigns, using disruptive cyber attacks and public data leaks to amplify ideological narratives and demonstrate political alignment. As geopolitical tensions continue to evolve, organizations worldwide should remain vigilant against opportunistic cyber attacks conducted by ideologically motivated threat actors seeking to exploit international conflicts for political messaging and cyber influence. Contributors:   Siva Prasad Boddu Rudra Pratap