Middle East Conflict: The Cybersecurity Impact

Iran's cyber activity appears to be on the rise as the NCSC and Sophos urge vigilance | Credit: Getty
Analysts suggest that disruptions in Iran have likely been caused by a combination of state-imposed shutdowns and targeted cyber operations

Geopolitical conflict has a habit of spilling over into cyberspace.

The US and Israel's 'Operation Epic Fury', which struck Iran and ultimately killed its Supreme Leader, sank the country into a major internet outage. With data showing activity corresponding to only 4% of the country’s usual internet traffic, official sites and major media platforms all appeared to be offline as Tehran, Isfahan and other major regions faced near-total blackout. 

Analysts suggest that the disruptions are likely a combination of state-imposed shutdowns and targeted cyber operations, reflecting a broader trend of digital infrastructure being caught in geopolitical conflict.

Several Iranian websites and apps experienced unauthorised intrusions in the early days of March 2026. Most notable among these was the hacking of the widely used BadeSaba religious calendar app, which displayed the messages “give up weapons and join the people” and “it’s time for reckoning”.

UK organisations warned by NCSC

The UK’s National Cyber Security Centre has highlighted the continued threat from actors associated with Iran, urging organisations to review their security defences. In its latest advisory, the NCSC noted that state or state-aligned groups retain the ability to disrupt systems or exfiltrate sensitive data, even amid domestic connectivity issues in Iran.

While the immediate risk to the UK remains assessed as moderate, businesses with regional ties or Middle East-facing supply chains are advised to strengthen defences against phishing, account compromise and denial-of-service attacks. 

The advisory also recommended testing incident response plans and ensuring that multi-factor authentication is consistently applied.

Cybersecurity experts point out that groups linked to Tehran have previously relied on spear-phishing and social engineering campaigns to target individuals and organisations of strategic interest. 

The NCSC stressed that vigilance remains essential, as operations can escalate quickly during conflicts. 

Sophos flags increased activity

Cybersecurity company Sophos has also warned of an elevated risk environment. Its threat intelligence team said periods of geopolitical tension often coincide with increased activity by state-aligned and ideologically motivated cyber groups.

Sophos' report reads: “On February 28, 2026, Handla Hack, a hacktivist persona linked to Iran’s Ministry of Intelligence and Security (MOIS), claimed attacks in Jordan and threatened other countries in the region. This group routinely overstates their capability and impact of attacks however on occasion has been capable of executing data theft and wiper attacks.”

Sophos noted that Iranian actors typically use password spraying, credential harvesting and targeted data exfiltration, and warned that destructive malware or ransomware cannot be ruled out during crises.

Organisations were advised to reinforce identity controls, monitor anomalous login activity and ensure that access management practices are robust.

Rafe Pilling, director of threat intelligence at Sophos | Credit: Sophos

Rafe Pilling, Director of Threat Intelligence at Sophos, notes: “As the situation develops, the likelihood increases that proxy groups or ideologically motivated actors (hacktivists) may take action, including cyber attacks, against Israeli- and US-affiliated military, commercial or civilian targets. We are seeing the early rumblings of this already.

“For most organisations, the priority is the same as it’s always been. Understand your threat model and attack surface, focus on vulnerabilities and exposures likely to affect your environment and make sure the basics are being done well – visibility, protection, patching, access control and incident readiness.

“Calm, consistent execution still beats reactive moves driven by headlines and social media.”
