Iran-linked hackers raise threat level against US, allies - Cybersecurity Dive

Iran-linked hackers raise threat level against US, allies Security researchers warn that hacktivists and state-linked groups are using DDoS, phishing and other tactics against critical infrastructure. Published March 2, 2026 David Jones Reporter Share License Add us on Google Iranians protest against attacks on Iran by Israel and the United States on Feb. 28, 2026, in Tehran. Iran launched a wave of missiles at Israel and regional U.S. military sites in response to today’s attacks. Hacktivists and state-linked groups are also beginning to target the U.S. and allied interests with cyberattacks. Majid Saeedi via Getty Images Security researchers and allied cyber authorities are warning of a heightened threat environment after the U.S. and Israel launched a wide ranging air and sea campaign targeting Iranian military and government assets. State-linked threat groups and hacktivists have accelerated reconnaissance and espionage activity in response to the bombing campaign, and security researchers warn of an escalation in attacks, including distributed denial of service, wipers and other malicious activity.  “Iranian cyber espionage has resumed after a brief lull during the initial military strikes, and hacktivist fronts with ties to the IRGC (Islamic Revolutionary Guard Corps) are making claims and threats about disruptive attacks in the region,” John Hultquist, chief analyst, Google Threat Intelligence Group, said on Sunday.  Iran-linked groups are expected to launch attacks against U.S., Israeli and Gulf Cooperation Council member countries, with a focus on critical infrastructure providers and other targets of opportunity, Hultquist said. CrowdStrike researchers on Saturday warned that Iran-aligned groups were already conducting reconnaissance and initiating DDoS attacks.  “These behaviors often precede more aggressive operations,” Adam Meyers, CrowdStrike’s head of counter adversary operations, told Cybersecurity Dive.  Meyers noted that, in past conflicts, Iran-backed groups have “aligned their activity with broader strategic objectives that increase pressure and visibility at targets.” These include energy, critical infrastructure, finance, telecommunications and healthcare. Meyers on Monday said a threat actor tracked as Hydro Kitten has made specific threats targeting the financial services sector. Security researchers report seeing DDoS and other attacks against critical infrastructure sites in multiple countries. A group calling itself the Cyber Islamic Resistance Axis claimed credit for an attack targeting 130 remote-control systems at an Israeli-based firm called Control Applications Ltd., according to researchers at Flashpoint.  Federal officials confirmed they are actively monitoring for any potential threat activity targeting the U.S.  “I am in direct coordination with our federal intelligence and law enforcement partners as we continue to closely monitor and thwart any potential threats to the homeland,” Department of Homeland Security Sec. Kristi Noem said in a statement.  The UK National Cyber Security Centre is urging U.K. businesses to take precautions to protect against potential hacktivist attacks.   Keep up with the story. Subscribe to the Cybersecurity Dive free daily newsletter Email: Sign up “In light of rapidly evolving events in the Middle East, it is critical that all U.K. organisations remain alert to the potential risk of cyber compromise, particularly those with assets or supply chains that are in areas of regional tensions,” Jonathon Ellison, director of national resilience at NCSC, said in a statement. Editor’s note: Updates with comment from the Department of Homeland Security. Add us on Google Share PURCHASE LICENSING RIGHTS Filed Under: Threats, Policy & Regulation