Iran-Linked Cyber Campaigns Align with Electronic and Psychological Warfare

David kimber
March 18, 2026

Key Takeaways

  • A February 2026 military conflict between US-Israeli forces and Iran quickly escalated into unprecedented cyber and electronic warfare.
  • Iranian-aligned hacktivist groups, coordinated by the “Islamic Resilience Cyber Axis,” launched extensive DDoS attacks, data theft, and data-wiping operations against Western and Gulf targets.
  • The conflict saw the most widespread GPS spoofing and jamming campaign ever recorded, causing severe navigational disruptions for over a thousand commercial vessels.
  • Iranian-aligned threat actors exploited vulnerabilities in Hikvision (CVE-2017-7921, CVE-2021-36260, CVE-2023-6895, CVE-2025-34067) and Dahua (CVE-2021-33044) cameras, for which patches are available.

A joint US-Israeli military operation initiated strikes within Iran on February 28, 2026, marking the beginning of a conflict that rapidly expanded beyond conventional warfare into the digital realm. Iran retaliated swiftly with ballistic missile and drone attacks targeting Bahrain, Kuwait, Iraq, Saudi Arabia, the UAE, Israel, and Qatar.

Immediately, hacktivist factions on both sides mobilized, launching attacks against critical infrastructure, military logistics, and government systems. This synchronized escalation represented one of the most significant convergences of physical and digital conflict ever witnessed in the Middle East.

Cyber Onslaught from Iranian-Aligned Groups

Following the initial kinetic strikes, Iranian-aligned groups launched a series of cyberattacks against targets in the US, Israel, and the Gulf Cooperation Council (GCC). These operations included distributed denial-of-service (DDoS) campaigns, website defacements, and destructive data-wiping attacks, alongside data theft.

These activities were orchestrated by the Islamic Resilience Cyber Axis, a network established between 2024 and 2025, which operates an Electronic Operations Room to coordinate malicious cyber activities. Groups such as Cyber Islamic Resistance, Fatimion Cyber Team, Cyber Fattah, DieNet, and Sylhet Gang-SG participated in these efforts. Concurrently, pro-Western hacktivists targeted Iranian news sites, religious applications, and government portals. The darknet ecosystem further fueled the conflict, experiencing a surge in propaganda, recruitment drives, and the trade of stolen data.

Analysts at Resecurity observed a sharp increase in activity from several Iran-linked threat actors. Among them was the newly identified Cyber Isnaad Front, which published a targeted hit list of individuals across various industries in Israel.

On March 11, 2026, the Handala Hack Team, identified by Resecurity as a highly credible and active group during the conflict, claimed responsibility for a cyberattack against Stryker Corporation, a US-based medical technology company. This attack reportedly disrupted Stryker’s global network and led to the exfiltration of a substantial volume of sensitive data. Handala stated the attack was in retaliation for a missile strike on a school in Minab, Iran.

The cyberattacks demonstrated clear intent. Iranian-aligned actors utilized credentials obtained through infostealer malware to gain access to web panels and applications, with a particular focus on energy infrastructure in Jordan. Additionally, hacktivists scanned Israeli network ranges for exposed IoT devices, exploiting vulnerabilities in Hikvision and Dahua cameras. Specific vulnerabilities targeted included CVE-2017-7921, CVE-2021-36260, CVE-2023-6895, and CVE-2025-34067 for Hikvision devices, and CVE-2021-33044 for Dahua devices. Patches are currently available for all these identified CVEs.

The broader campaign also impacted multiple Pakistani television channels, websites, and mobile applications, prompting Pakistan’s National Computer Emergency Response Team (CERT) to initiate a formal investigation. The conflict’s physical dimension also affected digital infrastructure, with at least three Amazon data centers in the UAE and Bahrain sustaining damage from Iranian drone strikes. Furthermore, the bombing of the IRGC’s Cyber Warfare headquarters in eastern Tehran reportedly limited Iran’s centralized response capabilities, driving more cyber activity through proxy groups operating outside the country.

Electronic Warfare and GPS Spoofing: A Hidden Battlefield

The 2026 Iran conflict featured the most extensive GPS spoofing and jamming campaign ever recorded in military history. This electronic warfare operated as a silent, yet profoundly disruptive, layer beneath the more visible kinetic strikes. Within 24 hours of the initial US-Israeli actions, over 1,100 commercial ships in UAE, Qatari, Omani, and Iranian waters reported navigation failures. Their onboard systems erroneously indicated vessel positions at airports, nuclear plants, and landlocked locations – a clear sign of active GPS spoofing. Iran’s state forces and proxy actors deployed advanced electronic warfare systems across the Persian Gulf, Strait of Hormuz, and regional airspace, creating widespread navigational chaos for both civilian and military platforms.

The interference rapidly intensified. Windward detected 21 new jamming clusters on the first day, increasing to 38 by the following day. Lloyd’s List Intelligence documented 1,735 GPS interference events affecting 655 vessels within the first week, with daily incidents nearly doubling. By March 7, 2026, over 1,650 vessels had experienced GPS interference, representing a 55 percent rise over the preceding week. Resecurity analysts highlighted that GNSS and GPS spoofing poses significant risks to operational technology environments, where industrial control systems and digital services rely on accurate geolocation data.
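
The symptom described above, vessels suddenly reported at airports or landlocked locations, appears in a position log as a physically impossible jump between consecutive fixes. The following is an added example, not code from the article or from Resecurity: it flags fixes whose implied speed from the last trusted fix exceeds a ceiling. The function names, the 40-knot threshold and the sample track are assumptions constructed for illustration.

```python
import math
from datetime import datetime

EARTH_RADIUS_NM = 3440.065   # mean Earth radius in nautical miles
MAX_SPEED_KNOTS = 40.0       # assumed ceiling for a commercial vessel

def haversine_nm(lat1, lon1, lat2, lon2):
    """Great-circle distance between two lat/lon points, in nautical miles."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat, dlon = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_NM * math.asin(math.sqrt(a))

def flag_position_jumps(fixes, max_speed_knots=MAX_SPEED_KNOTS):
    """fixes: time-ordered (iso_timestamp, lat, lon) tuples from one receiver.
    Returns an alert for every fix that cannot be reached from the last
    trusted fix at a plausible speed. Rejected fixes never become the
    reference, so a spoofed position does not 'launder' the next one."""
    alerts, trusted = [], None
    for ts, lat, lon in fixes:
        when = datetime.fromisoformat(ts)
        if not (-90 <= lat <= 90 and -180 <= lon <= 180):
            alerts.append({"time": ts, "reason": "out_of_range"})
            continue
        if trusted is None:          # first fix is taken on trust
            trusted = (when, lat, lon)
            continue
        hours = (when - trusted[0]).total_seconds() / 3600
        if hours <= 0:               # replayed or reordered timestamp
            alerts.append({"time": ts, "reason": "non_monotonic_time"})
            continue
        knots = haversine_nm(trusted[1], trusted[2], lat, lon) / hours
        if knots > max_speed_knots:
            alerts.append({"time": ts, "reason": "implausible_speed",
                           "knots": round(knots)})
            continue
        trusted = (when, lat, lon)
    return alerts

# Constructed sample track: slow transit, two fixes relocated inland, then recovery.
SAMPLE_TRACK = [
    ("2026-03-01T10:00:00", 26.2000, 56.3000),
    ("2026-03-01T10:05:00", 26.2080, 56.3100),
    ("2026-03-01T10:10:00", 25.2500, 55.3600),   # constructed spoofed fix
    ("2026-03-01T10:15:00", 25.2500, 55.3600),   # constructed spoofed fix
    ("2026-03-01T10:20:00", 26.2320, 56.3400),
]

if __name__ == "__main__":
    for alert in flag_position_jumps(SAMPLE_TRACK):
        print(alert)
```

A speed check alone misses slow "drag-off" spoofing and a spoofed first fix, so in practice it is paired with an independent source such as radar, inertial navigation or a second GNSS constellation.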

What You Should Do

  • Immediately apply all available patches for Hikvision (CVE-2017-7921, CVE-2021-36260, CVE-2023-6895, CVE-2025-34067) and Dahua (CVE-2021-33044) camera vulnerabilities.
  • Organizations in affected regions should deploy redundant navigation systems and reduce single-source GPS dependency for critical operations.
  • Conduct thorough audits of all geolocation-dependent industrial processes and operational technology environments.
  • Prioritize monitoring for anomalous position data in maritime and aviation platforms as a critical defensive measure.
  • Implement robust credential management practices and multi-factor authentication to mitigate risks from infostealer malware.
  • Enhance network segmentation and implement strong intrusion detection systems to identify and respond to DDoS attacks and data exfiltration attempts.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.
