As War Continues, Pro-Iranian Actors Launch Barrage of Cyberattacks

As War Continues, Pro-Iranian Actors Launch Barrage of Cyberattacks

Summary

Following a joint US–Israeli strike in Iran that killed the country’s Supreme Leader, a wide-ranging cyber response has unfolded. State-linked Iranian groups, pro-Iranian hacktivists and allied pro-Russian actors have launched coordinated campaigns including DDoS, data exfiltration, pseudo-ransomware, data-wiping, website defacements and attacks on critical infrastructure. Researchers from Check Point, Flashpoint, Unit 42 and Cisco Talos report attacks on energy facilities (including Saudi Aramco), an AWS data centre in the UAE, Israeli defence and civilian targets, and global SQL injection and credential-theft campaigns.

Security teams are warned to expect sustained, regionally focused activity that can cascade into global economic and infrastructure disruption. Organisations should assume heightened risk to partners and third parties in the Middle East and prepare for hybrid physical-to-cyber impacts.

Key Points

  • US–Israeli military action triggered an immediate and broad cyber response from pro-Iranian actors.
  • Attack types include DDoS, data exfiltration, SQL injection, pseudo-ransomware and destructive wipers.
  • Targets span energy infrastructure (Aramco, regional oil firms), cloud provider assets, defence contractors and civilian services.
  • Multiple threat clusters are involved: IRGC-linked operators (e.g. Cotton Sandstorm), MOIS-linked personas (e.g. Handala Hack), pro-Iranian umbrella groups (Cyber Islamic Resistance) and allied pro-Russian hacktivists.
  • Campaigns aim to inflict economic pain and infrastructure disruption as a form of retaliation and pressure.
  • Researchers expect the activity to persist and broaden, particularly affecting organisations with regional supply-chain links.
  • Defensive advice: enforce MFA, tighten third-party controls, increase monitoring and prepare for hybrid cyber–physical incidents.

Context and Relevance

This reporting matters because it documents a shift toward coordinated, multi-vector cyber campaigns tied directly to kinetic conflict. For organisations with any exposure to Middle Eastern partners or suppliers, or those in energy, telecoms and defence sectors, the operational risk has increased. The attacks illustrate how state and proxy cyber tools are being used for economic and infrastructure pressure, not just espionage — a trend that affects global supply resilience and incident response planning.

Why should I read this?

Heads up — this is the kind of briefing you want if you run security, manage suppliers or look after critical systems. It’s a fast snapshot of who’s active, what they’re doing, and where it hurts. We’ve done the reading so you can act: tighten MFA, check third parties in the region, and tune your monitoring. Seriously, don’t let this catch you flat-footed.

Author style

Punchy: the piece flags urgent, high-impact activity. The detail matters — if your organisation could be collateral, treat this as priority intel and follow the defensive steps researchers recommend.

Source

Source: https://www.darkreading.com/threat-intelligence/war-pro-iranian-actors-cyberattacks