Geopolitical Escalation Triggers Surge in Hacktivist Cyberattacks A new analysis by Intel 471 reveals that U.S. and Israeli military strikes against Iran in late February 2026 sparked a sharp rise in hacktivist activity, with ideologically aligned groups launching retaliatory cyber campaigns. The surge underscores how geopolitical conflicts increasingly extend into cyberspace, where loosely organized collectives and state-aligned proxies use disruptive operations including DDoS attacks, website defacements, and data breach claims to signal support, amplify propaganda, and target perceived adversaries. Between February 27 and March 6, 2026, Israel emerged as the most impacted region, followed by Kuwait and Jordan, with Bahrain, Qatar, and the UAE also ranking among the top ten affected areas. The most targeted sectors included national government, aerospace and defense, and technology. Pro-Iranian and Iran-aligned hacktivist groups rapidly mobilized, directing operations against the U.S., Israel, and neighboring countries, often coordinating through social media and messaging platforms. Key incidents included: - Iranian Handala Hack claimed breaches of oil and gas organizations in Israel, Jordan, and Saudi Arabia, as well as an Israeli research institute. - WeAreUst and Anonymous Sana’a allegedly targeted an Israel-based defense and security technology firm. - UniT 313 conducted DDoS attacks against military and government entities in Bahrain and Saudi Arabia. - Cyber Islamic Resistance compromised home routers linked to an Israeli fiber-optic provider and a U.S. military online directory. - Iraqi FAD Team claimed attacks on supervisory control systems in Israel and allied nations. - Mr. Soul, linked to Cyber Av3ngers, threatened Israeli power infrastructure and claimed to have disabled warning sirens. Pro-Russian hacktivist groups also joined the fray, with NoName057(16) launching DDoS attacks under the #OpIsrael banner, targeting political parties, local authorities, and telecommunications providers. Other groups, including Hider_Nex, PalachPro, and Z-Pentest Alliance, claimed disruptions to Israeli telecommunications, water supply systems, and financial institutions. Dark Storm Team, Cardinal, and Russian Legion allegedly breached Israeli military systems, including components of the Iron Dome defense network. While pro-Iranian and pro-Russian groups dominated the activity, a smaller wave of anti-Iranian hacktivism emerged. Anonymous – אַנונִימִי leaked personal data of Iranian Revolutionary Guard Corps members and targeted regime-affiliated news agencies, while Anonymous Syria Hackers breached an Iranian e-commerce platform, exposing user credentials and payment details. Intel 471’s analysis suggests the attacks were largely symbolic, designed to project perceived power and distract adversaries amid constrained domestic connectivity in Iran. Pro-Russian groups capitalized on the conflict to expand their influence, collaborating with pro-Iranian and pro-Palestinian collectives to amplify their reach. Despite claims of significant breaches, the actual impact of many operations was likely exaggerated for psychological and media effect. Looking ahead, Intel 471 expects continued disruptive activity primarily DDoS attacks and data breach claims targeting U.S., Israeli, and Gulf nations’ banking, government, oil and gas, and telecommunications sectors. While the volume of attacks may decline over time, state-associated adversaries are likely to persist. Mike Maddison, CEO of NCC Group, noted that the conflict demonstrates the integration of cyber operations into military strategy, with Israel and the U.S. combining digital and physical strikes to disrupt Iranian communications. He warned that global supply chains and critical infrastructure including maritime and satellite navigation systems remain vulnerable, emphasizing the need for proactive resilience strategies amid evolving threats.