On February 28, 2026, a coordinated military operation by the United States and Israel (Operation Epic Fury and Operation Roaring Lion) triggered retaliatory cyber activity from Iran. Unit 42 observed a multi-vector campaign targeting perceived adversaries, including hacktivist groups and state-aligned threat actors.
Iran's internet connectivity declined significantly, limiting coordination among state-aligned cyber units but giving geographically dispersed operators greater autonomy. These actors are anticipated to target U.S.-hosted regions with less sophisticated attacks, such as distributed denial-of-service (DDoS) and hack-and-leak campaigns.
Historically, Iran-backed groups have employed advanced techniques such as AI-enhanced spear-phishing, vulnerability exploitation, and covert infrastructure. Palo Alto Networks advises deploying advanced threat prevention, URL filtering, and DNS security measures to mitigate these threats.
The incident response team can assist with identifying and mitigating cyberattacks.