Cyber and information operations intensify amid US-Israel strikes on Iran under “Operation Epic Fury”
US and Israeli military action against Iran under “Operation Epic Fury” has been accompanied by heightened cyber activity and public acknowledgment of offensive cyber operations. Reporting indicated a surge of pro-Iranian activity including DDoS attacks, attempted compromises, and targeting of critical infrastructure, with researchers warning that Iranian state-linked actors tied to the IRGC and MOIS, as well as aligned hacktivists, are likely to sustain retaliatory operations aimed at economic, reputational, and potentially physical disruption. Separately, reporting alleged Israeli intelligence conducted long-running surveillance by compromising Tehran traffic cameras, exfiltrating encrypted video and telemetry to servers outside Iran to build “pattern of life” intelligence on senior leadership movements.
The Pentagon also elevated the visibility of cyber as a warfighting domain, with the Chairman of the Joint Chiefs describing coordinated space and cyber effects used to “disrupt, degrade, and blind” Iranian communications and sensor networks, though without operational detail. In parallel but unrelated to the Iran conflict, Russia’s internet regulator Roskomnadzor and the Russian Defense Ministry reported a “complex multi-vector” DDoS incident that temporarily disrupted multiple government sites, with traffic attributed to botnets and servers across several countries and continued user-reported instability after initial containment.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
Researchers report surge of pro-Iranian cyberattacks on Israel and regional targets
Security researchers reported a barrage of cyberattacks by IRGC- and MOIS-linked actors and aligned hacktivist groups, including DDoS attacks, network compromises, data exfiltration, and destructive activity such as wipers and pseudo-ransomware. Reported targets included Israeli and US-aligned entities in energy, municipal, telecom, defense, media, and religious-city infrastructure, with claims also involving Saudi and UAE assets.
US cyber forces conduct offensive operations in Operation Epic Fury
During the Iran campaign, USCYBERCOM and SPACECOM delivered non-kinetic effects that disrupted and degraded Iranian communications and sensor networks as part of Operation Epic Fury. Pentagon officials said these cyber operations were integrated with land, air, and sea operations to reduce Iran's ability to coordinate and respond.
US-Israeli strike on Iran triggers broader conflict and cyber retaliation
A joint US-Israeli military strike on Iran set off a wider conflict that researchers say catalyzed a cyber retaliation ecosystem involving Iranian state-linked actors and aligned hacktivist groups. The resulting activity was described as regionally concentrated but capable of broader spillover.
Israeli intelligence reportedly compromises Tehran traffic cameras over years
Israeli intelligence services allegedly hacked traffic cameras across Tehran over multiple years to monitor the movements and security patterns of Ayatollah Ali Khamenei and other senior Iranian officials. The operation reportedly collected encrypted surveillance data and transmitted it to servers in Tel Aviv and southern Israel.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
As War Continues, Pro-Iranian Actors Launch Barrage of Cyberattacks
darkreading.com
Open sourceIsraeli spies ‘hacked every traffic camera in Tehran to plot killing of Iran’s Ayatollah Ali Khamenei’ - DataBreaches.Net
databreaches.net
Open sourceTop general spotlights cyber role in Iran conflict • The Register
go.theregister.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Cyber Operations Escalate Following US-Israeli Strikes on Iran
Military strikes by the United States and Israel against Iranian targets on **February 28, 2026** were followed within hours by a sharp escalation in cyber activity across the Middle East. Reporting describes widespread **DDoS attacks, website compromises, defacements, and breach claims**, with more than 150 hacktivist incidents reportedly claimed in the first two days of the crisis. Iranian connectivity was heavily disrupted, including outages affecting **IRNA**, while **Tasnim News** was reportedly compromised and displayed anti-regime messaging. The most affected sectors were identified as **government, aerospace and defense, and technology**, and regional states including **Israel, Kuwait, Jordan, Bahrain, Qatar, and the UAE** saw elevated cyber pressure. The surge also expanded beyond immediate regional targets, with security reporting warning that the conflict was driving attacks against global commercial sectors such as **travel, hospitality, and energy**. One cited example was a **March 11** claim by **Handala**, a hacktivist group alleged to have ties to Iranian intelligence, that it had conducted a large-scale **data-wiping attack** against medical technology company **Stryker**, allegedly destroying several terabytes of data. Additional reporting noted unconfirmed concerns that Iranian-linked actors could target the physical and digital infrastructure of major U.S. technology firms. The activity reflects a broader pattern of **geopolitically motivated cyber operations** acting as a force multiplier alongside kinetic conflict, rather than a standalone marketing or advisory narrative.
May 6, 2026
Cyber and electronic-warfare activity escalates amid US–Israeli strikes on Iran
Regional conflict following **U.S.–Israeli strikes on Iran** has been accompanied by heightened cyber and electronic-warfare activity affecting both military operations and civilian infrastructure. U.S. officials publicly acknowledged that **U.S. Cyber Command**, alongside space capabilities, conducted “non-kinetic” operations to **disrupt Iranian communications and sensor networks** in support of *Operation Epic Fury*, describing effects intended to degrade Iran’s ability to coordinate and respond; reporting also noted follow-on hack-and-leak style activity against Iranian-facing online properties (e.g., news sites and an app) and warned of potential retaliatory cyber activity by Iranian-aligned actors. In parallel, maritime intelligence reporting described a sharp increase in **GPS/AIS disruption (jamming/spoofing)** impacting shipping around the Strait of Hormuz, with vessels appearing in false locations and maritime authorities warning of elevated risk to navigation and safety. Iran’s domestic crypto ecosystem also showed signs of stress consistent with conflict conditions and connectivity constraints: observers reported **internet outages**, exchanges moving into risk-containment modes (e.g., batching/suspending withdrawals), and temporary restrictions on the **USDT–toman** trading pair under central bank direction—collectively reducing liquidity and market activity rather than clearly indicating capital flight. Separate reporting on Pakistan’s TV broadcast hijacks and a DDoS incident affecting Russian government sites appear unrelated to the Iran conflict-driven activity described above.
Apr 29, 2026
DDoS and Cyber Operations Escalate Amid Israel–U.S. Strikes on Iran
Threat monitoring and situation reporting tied a surge in **distributed denial-of-service (DDoS)** activity and broader cyber disruption to the escalation of the **Israel–U.S. conflict with Iran** in late February 2026. NSFOCUS reported sustained DDoS targeting of Iranian IP space following internal unrest and rising U.S.–Iran nuclear tensions, describing both botnet-driven floods and reflection/amplification techniques against **259 Iranian IPs**, including government, news, and network-infrastructure entities. As kinetic events intensified—particularly after Israel announced strikes on Iran—reporting described a sharp increase in DDoS activity and subsequent Iranian **network control measures**, including an internet shutdown intended to reduce exposure to anticipated cyberattacks. CloudSEK characterized the period as a shift into **hybrid conflict**, citing coordinated Israeli–U.S. strikes (described as *Operation Roaring Lion/Epic Fury*) alongside what it called a major cyber campaign contributing to a near-total Iranian internet blackout and disruption to government services, media, and parts of energy and aviation. In parallel, Russia’s internet regulator **Roskomnadzor** and the **Russian Defense Ministry** reported a separate “complex multi-vector” DDoS incident that briefly disrupted access to multiple Russian government websites and related infrastructure (including the **Main Radio Frequency Center**), with traffic attributed to servers/botnets across several countries; no actor claimed responsibility. While DDoS is a common tactic in geopolitical crises, the Russian incident appears operationally and geographically distinct from the Iran-focused escalation reporting.
Mar 21, 2026