As geopolitical tensions escalate after military operations against Iran, cybersecurity researchers report a wave of coordinated hacktivist cyberattacks targeting government systems, financial institutions, and telecom infrastructure across the region.

Cybersecurity researchers have warned of a significant increase in hacktivist cyber activity following the U.S.–Israel military campaign against Iran, known as Epic Fury and Roaring Lion.

Security analysts say the cyber dimension of the conflict is expanding rapidly. Several hacktivist groups have launched distributed denial-of-service (DDoS) attacks, website disruptions, and influence campaigns against organizations across the Middle East and beyond.

Massive Spike in Hacktivist Activity

According to security researchers, 149 hacktivist DDoS attack claims were recorded over just a few days, targeting 110 organizations across 16 countries.

The majority of attacks focused on Middle Eastern infrastructure.

Key findings include:

• 107 attacks targeted Middle Eastern organizations
• Government institutions accounted for nearly 48% of victims
• Financial services and telecom sectors were also heavily targeted
• 12 hacktivist groups participated in the campaign

Researchers say the digital battlefield is expanding alongside the physical conflict.

Three Countries Became Primary Targets

The attacks were heavily concentrated in three countries:

• Kuwait — 28% of attacks
• Israel — 27.1%
• Jordan — 21.5%

These targets include public infrastructure, government networks, and strategic digital services, which are often used for public communication and national operations.

Because of their visibility, these systems are common targets during geopolitical conflicts.

The Groups Driving Most of the Attacks

Cybersecurity analysis indicates that two hacktivist groups generated nearly 70% of all activity during the peak period.

The most active groups include:

• Keymous+
• DieNet
• NoName057(16)

Additional groups involved in cyber operations include:

• Nation of Saviors (NOS)
• Conquerors Electronic Army (CEA)
• Handala Hack
• Cyber Islamic Resistance
• Dark Storm Team
• FAD Team
• Sylhet Gang
• 313 Team

These groups often coordinate attacks publicly through messaging platforms and social media channels.

Hack-and-Leak Operations Also Observed

One of the earliest attacks in the campaign was launched by Hider Nex, also known as Tunisian Maskers Cyber Force, a hacktivist group that supports pro-Palestinian causes.

Researchers say the group typically uses a hack-and-leak strategy, combining:

• DDoS attacks
• website breaches
• stolen data leaks

These operations aim to disrupt services while also gaining political attention.

Other Cyber Operations Linked to the Conflict

Security researchers have also observed several related cyber activities across the region:

Fake Emergency Apps Spreading Malware

A phishing campaign used a fake version of Israel’s RedAlert emergency app to trick users into installing malware capable of surveillance and data theft.

Infrastructure Targeting

Some reports suggest cyber operations aimed at energy companies and data infrastructure, highlighting how geopolitical tensions increasingly involve digital systems.

Financial Network Monitoring

Cryptocurrency exchanges operating in Iran have adjusted their operations due to concerns about connectivity disruptions and financial instability.

Governments Warn of Growing Cyber Risks

Security agencies in multiple countries have warned organizations to prepare for possible cyber incidents connected to the conflict.

Experts recommend that organizations immediately:

• Increase network monitoring
• Review exposed internet-facing systems
• Update threat intelligence signatures
• Validate IT and operational technology (OT) network segmentation
• Strengthen DDoS mitigation defenses

The Cyber Battlefield Is Expanding

Cybersecurity experts say modern conflicts increasingly involve parallel cyber operations designed to disrupt infrastructure, influence public perception, and gather intelligence.

Iran-linked actors and hacktivist groups have historically combined espionage, disruption, and psychological influence campaigns during periods of geopolitical tension.

As a result, organizations in government, finance, telecom, energy, and critical infrastructure sectors are expected to remain high-value targets.