The recent joint military operations conducted by the United States and Israel against Iran have sparked a torrent of retaliatory actions throughout the Gulf region, encompassing both military maneuvers and cyber incursions.
In a show of force, pro-Iranian factions have unleashed a barrage of cyberattacks targeting Israel, the U.S., and their allies, demonstrating an alarming convergence of cyber and physical warfare.
These cyber responses have been characterized as hacktivism—political assaults designed not for monetary benefit but to further ideological and geopolitical agendas.
The Counter Threat Unit Research Team of Sophos has reported a notable uptick in pro-Iranian hacktivist activities since the offensive operations commenced with bombings in Tehran on February 28.
Multiple hacktivist groups have begun disseminating misinformation and inciting violence. “Iranian factions typically exploit publicly disclosed vulnerabilities rather than employing zero-day exploits, thus organizations should prioritize rectifying issues cataloged in CISA’s Known Exploited Vulnerabilities Catalog,” asserts the research team.
The Foundation for Defense of Democracies has urged heightened vigilance among companies, particularly those in the utilities sector.
The organization highlighted that Iranian hackers have previously managed to breach critical components of essential services because of misconfigured systems, default passwords left in place, and a failure to apply software patches for known vulnerabilities.
This week’s coverage underscores the imperative for stringent cybersecurity protocols, especially in times of geopolitical upheaval.
Pro-Iran cyberattacks target energy and defense companies
The military strikes by the U.S. and Israel against Iran have catalyzed an onslaught of cyber retaliations from groups linked to Tehran.
These attacks encompass Distributed Denial-of-Service (DDoS) assaults, breaches of critical infrastructure, and data exfiltration efforts aimed at the U.S., Israel, and their allied nations.
Organizations affiliated with Iran’s Islamic Revolutionary Guard Corps and Ministry of Intelligence and Security, along with sympathetic hacktivists, have mobilized under initiatives dubbed #OpIsrael.
Notable targets include Saudi Arabia’s Aramco facility, an AWS data center in the UAE, and various Israeli defense and energy systems.
Cyber groups such as Cotton Sandstorm and the FAD Team have conducted SQL injection attacks, leaked sensitive information, and disrupted vital services across Bahrain, Saudi Arabia, and Qatar.
Additionally, pro-Iranian and pro-Russian factions like the Cyber Islamic Resistance and NoName057(16) have intensified efforts against Israeli infrastructure and defense assets.
Experts caution about the rising cyber threats, which could precipitate significant disruptions to global economies and critical infrastructures.
To counteract the risks presented by this escalating conflict, cybersecurity teams are encouraged to implement Multi-Factor Authentication (MFA) and bolster their monitoring capabilities.
Hackers sympathetic to Iran exploit IP camera vulnerabilities
Certain Iranian-affiliated hackers have escalated their attacks on surveillance equipment, specifically targeting critical vulnerabilities found in Hikvision and Dahua products, as revealed by Check Point Research.
The vulnerabilities exploited include a command injection flaw (CVE-2023-6895), a remote command execution vulnerability (CVE-2025-34067), and an authentication bypass issue (CVE-2021-33044).
These cyber offensives, concentrated in the Persian Gulf and surrounding regions, have affected devices in Israel, Cyprus, Lebanon, Qatar, Kuwait, and other neighboring countries.
Analysts noted that such cyber activities often precede missile strikes, reflecting tactics observed during the 2025 Israel-Iran conflict and the 2023 Israel-Hamas war.
Hackers linked to the Islamic Revolutionary Guard Corps have previously employed similar exploits to target U.S. water facilities and other vital infrastructure sectors.
At a precarious time, turmoil surrounds CISA leadership
The capacity of CISA to contend with rising cyber threats, particularly those related to Iranian operatives, is under scrutiny as the agency grapples with dwindling resources and a void in Senate-confirmed leadership.
Recently, CISA’s acting director was ousted from his position, while the Trump administration’s stalled nomination for a permanent director adds to the uncertainty.
Sean Plankey’s departure from the Department of Homeland Security this week was presented as voluntary; however, sources indicate he may have been removed from the premises amid conflicts within CISA and strained relations with Homeland Security Secretary Kristi Noem, who was also relieved of her duties on Thursday.

Confusion surrounds whether Plankey remains the Trump administration’s preferred candidate to lead CISA. CBS News reported that Plankey’s renomination in January may have stemmed from an administrative oversight, a claim the White House has denied.
Source link: Techtarget.com.






