Cyberwarfare during the 2026 Iran war

Cyberwarfare during the 2026 Iran war comprises the digital and information operations conducted by Israel, the United States, Iran, and affiliated hacktivist groups as part of the ongoing 2026 Iran war that began on 28 February 2026.

The cyber domain played a supporting role in the initial kinetic strikes, with coordinated U.S.–Israeli operations reportedly disrupting Iranian command, control, and sensor networks ahead of airstrikes.[1] Israel also conducted large-scale information operations, including the compromise of a popular Iranian prayer app and state broadcasting channels. Iran and pro-Iran hacktivists threatened and claimed retaliatory cyberattacks, though widespread internet blackouts inside Iran limited their effectiveness.[2][3]

Background

The 2026 Iran war erupted on 28 February 2026 when Israel and the United States launched coordinated airstrikes (codenamed Operation Roaring Lion and Operation Epic Fury) targeting Iranian leadership, nuclear facilities, and military sites, including the assassination of Supreme Leader Ali Khamenei. Cyber and electronic-warfare capabilities were integrated into the opening phase to disrupt Iranian command-and-control, communications, and sensor networks.[1][4]

Iran has maintained an active state-sponsored cyber program for years, with documented capabilities in wiper malware, distributed denial-of-service (DDoS) attacks, and espionage against critical infrastructure, and has previously been both perpetrator and victim of state-sponsored cyber operations (notably Stuxnet in 2010).[4] Prior to the 2026 conflict, Iran had conducted cyberattacks on financial institutions and election-related targets, and maintained proxy hacktivist networks for plausible deniability.[4]

Operations by Israel and the United States

On 28 February 2026, as airstrikes began, coordinated cyberattacks targeted Iranian infrastructure, state media outlets, and mobile applications. U.S. Chairman of the Joint Chiefs of Staff Gen. Dan Caine stated that "coordinated space and cyber operations effectively disrupted communications and sensor networks" in Iran prior to the main kinetic strikes, with the explicit goal of leaving the adversary "disrupted, disoriented and confused."[1]

Israeli operators compromised the popular Iranian prayer app BadeSaba Calendar (more than five million downloads). Users received push notifications in Persian urging military personnel and civilians to defect, lay down arms, or join opposition forces. Messages included phrases such as "Help has arrived," "It's time for reckoning," and "For the freedom of our Iranian brothers and sisters … lay down your weapons or join the forces of liberation."[4][5]

Several official Iranian news websites, including state-run IRNA, were defaced with anti-regime messages. Additional intrusions targeted government services and military systems to hinder coordinated responses.[4] Electronic warfare components included GPS and automatic identification system (AIS) disruptions affecting over 1,100 ships in the Gulf region.[4]

Israeli intelligence reportedly maintained long-term access to Tehran traffic-camera networks and mobile-phone infrastructure, using the feeds to support targeting of senior Iranian leaders, including the strike that killed Khamenei.[1] After Israeli airstrikes damaged offices of state broadcaster IRIB, hackers hijacked at least two channels and aired recorded speeches by U.S. President Donald Trump and Israeli Prime Minister Benjamin Netanyahu calling on Iranians to rise against the regime.[1]

These operations coincided with a near-total internet blackout across Iran. Connectivity fell to 1–4% of normal levels for more than 60 hours, severely impairing government communications, state media, and public services. NetBlocks and other monitors attributed the outage to a combination of physical strikes on data centers and large-scale cyber disruption described by some Israeli sources as "the largest cyberattack in history."[6][4][7][8]

Attacks on Pakistani media

Several leading Pakistani television news channels were hacked on the evening of 1 March 2026, during the early phase of cyber operations linked to the US-Israeli strikes on Iran. Broadcasts on Geo News, ARY News and Samaa TV were interrupted after Iftar, with unauthorised messages displayed that supported Israel's Mossad intelligence agency and urged viewers to "stand up to" the Pakistan Armed Forces and its leadership.[9][10] Geo News management immediately stated that the channel had faced repeated hacking attempts on its PakSat satellite feed for the previous 24 hours and that the aired message had no connection with the broadcaster. The channel called on authorities to investigate and take immediate action.[11]

In tandem with the broadcast disruptions, Google advertisement campaigns promoting Mossad appeared on multiple Pakistani news websites. The campaigns were reported to have targeted users in Pakistan as well as in Iran and other Asian countries.[9][12] Pakistani authorities, including the Pakistan Telecommunication Authority and PakCERT, launched investigations and implemented counter-cyber measures.[10]

In retaliation, the following day, a group calling itself “Pakistan Cyber Force” hacked the Indian news channel ABP News and broadcast pro-Pakistan Army content.[13][12]

Iranian responses and hacktivist activity

Iranian state-sponsored actors and pro-Iran hacktivist collectives threatened retaliatory cyberattacks on U.S., Israeli, and allied critical infrastructure, including distributed denial-of-service (DDoS) attacks, data wipers, and information operations.[2][4] However, the domestic internet blackout and degradation of Iranian leadership structures severely limited state actors' ability to coordinate sophisticated operations in the first days of the conflict.[3]

A surge in hacktivist activity was observed, with more than 60 groups claiming actions by 2 March 2026. Notable claims included Handala Hack (linked to Iran's Ministry of Intelligence) compromising Israeli energy firms, Jordanian fuel systems, and healthcare targets. Cyber Islamic Resistance, Dark Storm Team, and FAD Team conducted low-level DDoS attacks, website defacements, and phishing campaigns, primarily targeting entities in the Middle East, Israel, and the United States. Analysts noted that Iran's own blackout limited large-scale state-directed operations from within the country, shifting activity toward external proxies.[4][14][3]

On 15 March, Iran likely executed the biggest wartime cyberattack against the U.S. in history, and experts warned that more such attacks are likely.[15]

Impact and reactions

The cyber operations contributed to psychological pressure on the Iranian regime and temporarily blinded parts of its command network. Regionally, electronic warfare affected maritime navigation, and cloud outages impacted businesses across the Middle East. U.S. and allied financial institutions raised alerts for potential follow-on Iranian cyberattacks.[14] The Cybersecurity and Infrastructure Security Agency (CISA) faced resource constraints amid leadership changes and a partial government shutdown.[16]

The cyber operations disrupted Iranian government and military coordination in the early hours of the conflict and amplified information warfare aimed at encouraging internal dissent.[4]

References

  1. "Hacked traffic cams and hijacked TVs: How cyber operations supported the war against Iran". TechCrunch. 3 March 2026. Archived from the original on 3 March 2026. Retrieved 4 March 2026.
  2. "Cyber threat bulletin: Iranian Cyber Threat Response to US/Israel strikes, February 2026". Canadian Centre for Cyber Security. 2 March 2026. Retrieved 4 March 2026.
  3. "Threat Brief: March 2026 Escalation of Cyber Risk Related to Iran". Palo Alto Networks. 2 March 2026. Archived from the original on 3 March 2026. Retrieved 4 March 2026.
  4. "How Will Cyber Warfare Shape the U.S.-Israel Conflict with Iran?". Center for Strategic and International Studies. 3 March 2026. Retrieved 4 March 2026.
  5. "Israel hacked popular Iranian prayer app to urge defections, resistance". The Wall Street Journal. 1 March 2026. Retrieved 4 March 2026.
  6. "Why did US and Israel attack Iran and how long could the war last?". BBC News. 2 March 2026. Archived from the original on 28 February 2026. Retrieved 4 March 2026.
  7. "Iran's internet down amid reports of US-Israel cyberattacks". CNBC. 2 March 2026. Archived from the original on 3 March 2026. Retrieved 4 March 2026.
  8. "...Israel plunges Iran into darkness". The Jerusalem Post. March 2026. Archived from the original on 4 March 2026. Retrieved 4 March 2026.
  9. "Pakistani news channels hacked with pro-Mossad messages". The Express Tribune. 2 March 2026. Retrieved 15 March 2026.
  10. "CERT investigates cyberattacks on TV channels, websites". Dawn. 3 March 2026. Retrieved 15 March 2026.
  11. "Repeated attempts to hack Geo News foiled, channel disowns malicious broadcast message". Geo News. 1 March 2026. Retrieved 16 March 2026.
  12. "'Pakistan Cyber Force' group hacks India's ABP News day after Pakistani channels targeted". Arab News. 2 March 2026. Retrieved 15 March 2026.
  13. "Geo News' transmission hacked; subversive message displayed". Dawn. 1 March 2026. Retrieved 16 March 2026.
  14. "US banks on high alert for cyberattacks as Iran war escalates". Reuters. 3 March 2026. Retrieved 4 March 2026.
  15. Volz, Dustin; Loftus, Peter (16 March 2026). "Hack on U.S. Medical Company Shows Reach of Iran's Cyber Capabilities". The Wall Street Journal. Retrieved 16 March 2026.
  16. "The lead U.S. cyber agency is stretched thin as Iran hacking threat escalates". CNBC. 3 March 2026. Retrieved 4 March 2026.