Cyberwarfare ignites in US-Israel-Iran war

As the war between the US, Israel, and Iran enters its fourth day, conflict has expanded onto the cyber front amid a large wave of cyberattacks and DDoS assaults launched by pro-Iranian and pro-Israeli actors.

Cybersecurity researchers say that at least 53 pro-Iran hacking groups are currently active, with some pro-Russian factions now joining in support of Tehran following the US-Israel strikes that began on Saturday.

These groups have unleashed ransomware, data breaches, and distributed denial-of-service (DDoS) attacks, with the aim of flooding targets to render their services inaccessible.

Among the key actors, Iran state-linked CyberAv3ngers announced its operational return via Telegram, according to Flashpoint tracking, with a focus on industrial control systems.

The Cyber Islamic Resistance Axis claimed to have infiltrated more than 130 remote-control systems belonging to Shlomi Control Applications Ltd., a firm specialising in industrial control systems.

The pro-Iran and pro-Palestine Handala Hack Team likewise claims to have breached Israel Opportunity Energy, an oil and gas exploration firm, deploying ransomware and warning that "the beginning of massive cyber attacks" was imminent.

APT Iran, meanwhile, claimed a cyber-sabotage operation against Jordan’s critical infrastructure. This included a breach of the internal network at the Jordanian Silos & Supply General Company, where they alleged gaining control over critical systems managing temperature and other functions at northern silos in Irbid with the goal of gradually spoiling grain stocks and cause financial discrepancies.

The disruptions have also rippled into banking and cloud services across the region.

DieNet-affiliated channels claimed DDoS activity targeting multiple Middle East-based banking organisations, including Kuwait Finance House, Jordan Commercial Bank, Weyay Bank, Al Bank of Kuwait, and Jordan Kuwait Bank. The banks have not, however, reported significant disruptions to their operations.

Abu Dhabi Commercial Bank said its mobile banking services were temporarily unavailable on Monday due to an IT disruption across the region, though it is unclear if this connects to broader issues like the disruptions at Amazon Web Services’ data centres in Bahrain and the UAE.

Amazon Web Services confirmed that drone strikes damaged three of its data centre facilities in the UAE and Bahrain on Sunday, causing power disruptions and prolonged service outages, with the extent of structural damage potentially leading to extended downtime.

American cybersecurity firm CrowdStrike has noted early activity consistent with Iranian-aligned threat actors and hacktivists, saying that data assets are no longer safe from kinetic damage.

Israel expands its cyberattacks

Israel likewise appears to have pierced Iran's cyber defences amid Tehran's self-imposed internet blackout.

Internet connectivity fell to around 1% of ordinary levels, according to NetBlocks, with the company’s CEO Alp Toker saying this is likely intended to counter potential inbound cyberattacks during its military operations.

Iran’s National Cybersecurity Command issued an advisory urging citizens to delete or deactivate foreign messaging and social media platforms, alleging hostile cyber infiltration attempts.

On Saturday morning, just as the initial US-Israeli attacks unfolded in Iran, users of the Iranian Muslim prayer app BadeSaba Calendar received notifications urging Iran’s military personnel to defect and join the fight to "liberate" the country, with messages like "Help is on the way" and "It’s time for reckoning" sent to many of the application’s 5 million users.

Some Iranian news sites, including state news agency IRNA, were hacked to display pro-Israel news segments on the initial attacks on Saturday and, as state media later reported, "discredit the regime".

The Jerusalem Post reported that Iranian government services and military targets were likewise impacted by a series of hacks and DDoS incidents, though The New Arab have not been able to verify these claims.

These developments come as the UK’s National Cyber Security Centre (NCSC) issued an advisory on Monday urging organisations to act in response to the "evolving events" in the Middle East and review their cybersecurity posture.

The agency warned of a heightened risk of indirect cyber threats for those with a presence or supply chains in the region, noting that Iranian state and Iran-linked cyber actors "almost certainly maintain at least some capability to conduct cyber activity".

It added that while there is likely no significant change in the direct cyber threat from Iran to the UK, organisations should prepare for collateral damage from Iran-linked agents by boosting monitoring of IT systems and following NCSC guidelines.​

The shift to cyberwarfare has become commonplace now between Israel and Iran, with Radware and other firms documenting massive spikes like the 700% surge in attacks on Israel during the June 2025 conflict.