New findings from Resecurity reveal that the ongoing Iran conflict has rapidly evolved into a multi-domain confrontation, where conventional military strikes are deeply integrated with cyber operations, electronic warfare, and psychological tactics. This convergence is reshaping the nature of modern warfare.
The February 28, 2026, joint U.S.–Israeli offensive against Iran extended far beyond traditional kinetic action. It triggered a surge in cyber and electronic operations aimed at disrupting communications, gathering intelligence, and weakening Iran’s command-and-control systems.
Hacktivist groups aligned with both sides have become active participants, launching distributed denial-of-service (DDoS) attacks, defacing websites, and conducting reconnaissance missions targeting critical infrastructure and government systems across the Middle East. These digital efforts are not isolated—they are often synchronized with physical operations to maximize strategic pressure and operational impact.
Resecurity identified several Iranian-aligned groups involved in the escalation, including Cyber Islamic Resistance, Fatimion Cyber Team, and Cyber Fattah. These actors have engaged in coordinated campaigns involving DDoS attacks, data theft, reconnaissance, and website defacement. On the opposing side, pro-Western hacktivist groups have targeted Iranian media platforms and religious applications in an attempt to undermine state narratives and influence public perception.
The broader cyber landscape also includes Iranian opposition actors operating from abroad—particularly in the United States, United Kingdom, European Union, Canada, and Australia—who are actively participating in digital operations against the regime.
According to Resecurity’s assessment, the conflict is likely to remain prolonged and disruptive, with significant humanitarian and economic consequences. While a full-scale regional war appears unlikely, sustained missile strikes, drone operations, and cyberattacks are expected to continue. Iran’s nuclear program remains a key concern, and cyber activity is projected to intensify, especially as internal internet restrictions limit the operational reach of domestic state-backed groups.
Cyber and electronic tactics are increasingly being used to support battlefield objectives while also shaping the psychological dimension of the conflict. U.S. and allied forces have reportedly leveraged cyber reconnaissance to support targeting and assess battle damage, while Iranian-affiliated actors exploit vulnerabilities to strike regional and Western targets.
Artificial intelligence is also playing a growing role, with AI-driven influence campaigns and social media manipulation amplifying misinformation and undermining adversary morale. This fusion of digital and physical warfare signals a major shift in conflict dynamics, where cyber capabilities are deployed alongside traditional weapons systems.
Resecurity further reported a sharp increase in cyber activity following the U.S.–Israeli strikes, with both sides targeting critical infrastructure, military logistics, and symbolic digital assets. Cyber operations are no longer limited to disruption—they are increasingly used to support military decision-making and enhance the effectiveness of kinetic actions.
Recent incidents highlight the expanding scope of the conflict, including cyberattacks on regional media platforms and a significant Iran-linked breach affecting global operations at Stryker Corporation. At the same time, geopolitical shifts—such as evacuations and transitions to remote work—are increasing the attack surface for organizations worldwide.
Iran has also declared U.S. financial institutions and multinational technology firms as legitimate cyber targets, signaling a broader strategic use of offensive cyber capabilities.
Despite the surge in activity, many DDoS attacks targeting U.S. and Israeli assets have been relatively unsophisticated, often relying on basic tools that generate disruption rather than lasting damage. These campaigns, however, still force organizations to divert resources and remain on high alert.
Iran’s cyber capabilities in this domain remain somewhat constrained, leading to reliance on hacktivists and underground services. Some operations have utilized rented “stresser” platforms and networks of compromised devices to generate attack traffic.
At the same time, cyber operations are embedded within a wider strategic ecosystem. Alliances such as the so-called “Islamic Resilience Cyber Axis” are driving recruitment, coordination, and influence campaigns, including AI-enabled information operations. Notably, cyber infrastructure itself has become a target, with strikes reported against Iranian-linked cyber facilities in Tehran.
Hacktivist groups have also expanded their targeting to include Israeli defense contractors and entities within the broader defense industrial base. Actors such as the 313 Team have been particularly active in claiming such operations. Other groups, including Cyber Fattah, have focused on sectors like energy infrastructure, with reported activity targeting Jordan.
Additionally, attempts have been made to exploit vulnerabilities in internet-connected devices, including surveillance cameras, using known security flaws. These efforts highlight the growing importance of exploiting exposed digital infrastructure in modern conflicts.
International actors have also entered the cyber domain. Some Russian-speaking groups have claimed involvement, though their activities appear largely opportunistic rather than centrally coordinated.
Resecurity noted that while Iranian-aligned hacktivist groups have carried out data theft, defacement, and data-wiping attacks targeting logistics providers, their overall impact on core operations remains limited. Resource constraints, infrastructure challenges, and time pressures continue to hinder more sophisticated campaigns.
However, the threat is expected to evolve, with a possible shift toward ransomware-style operations aimed at achieving strategic leverage rather than financial gain.
Misinformation has also become a key battlefield. False claims, recycled data, and manipulated content—including video game footage presented as real combat—are being used to create confusion and influence public perception. Competing narratives from both sides further complicate the information environment.
At the same time, pro-Western hacktivist groups continue to target Iranian digital infrastructure, contributing to an increasingly active and volatile cyber front.
Overall, the surge in hacktivist activity underscores the growing importance of cyber operations as a parallel battlefield in modern geopolitical conflicts. Loosely affiliated groups—sometimes acting as proxies—are amplifying the reach and impact of state-aligned campaigns.
In conclusion, Resecurity emphasizes that the Iran conflict has entered a new phase defined by the convergence of cyber and kinetic warfare. Both Iranian-aligned and pro-Western actors are actively engaged in digital attacks, including DDoS campaigns, data-wiping operations, and influence activities. This evolving landscape highlights how cyber warfare and hacktivism have become central tools of retaliation, disruption, and strategic influence in contemporary conflicts—blurring the line between digital and conventional war.
Source: Industrialcyber Edited by Bernie
