Cyberattacks Spike 245% in the Two Weeks After the Start of War with Iran
<p>In the first two weeks of the U.S. and Israeli bombing campaign against Iran, security researchers with Akamai saw a 245% spike in threat actors targeting critical businesses and institutions in North America, Europe, and parts of Asia-Pacific, another data point in the cyberthreats spreading from pro-Iranian actors.</p><p><a href="https://www.akamai.com/blog/security/fortify-network-security-emerging-geopolitical-cyberthreats" target="_blank" rel="noopener">In a report</a>, the researchers noted that geopolitically motivated hacktivist groups are using proxy services in Russia, China, and elsewhere to launch “billions of designed-for-abuse connection attempts,” with banking and financial services organizations, ecommerce businesses, and video games accounting for 80% of the target destinations of the attempts.</p><p>The financial services and ecommerce businesses combined made up more than half of the targets.</p><p>“The conflict in the Middle East that started on February 28, 2026, has sent rippling effects across travel, hospitality, and energy sectors of the global economy,” they wrote. “Even more concerning is the significant increase in cybercrime emanating from nation-state actors and ideologically motivated hacktivists, who might operate from an entirely different part of the planet to orchestrate highly sophisticated attacks.”</p><p>Akamai’s findings add to the growing list of findings from threat intelligence analysts indicating that the cybersecurity threats that cranked up soon after the first bombs were dropped on Tehran continue to expand against not only U.S. 
and Israeli targets but also other countries in the Middle East and elsewhere seen as being friendly to the larger global powers.</p><h3>Businesses on Alert</h3><p>With no end to the war in sight, governments and businesses in these areas need to be prepared for the threat to rise, according to Sunil Gottumukkala, CEO of agentic AI security company Averlon.</p><p>“Enterprises should assume this activity will persist and focus on preparedness,” Gottumukkala said. “That means staying on top of attack surface and exposure management to reduce exploitable vulnerabilities and ensure known weaknesses cannot be used to gain initial access. It also means strengthening identity security and monitoring for credential misuse, since many of these campaigns rely on stolen credentials.”</p><h3>Private Sector Under Threat</h3><p>In an emailed update, Flashpoint researchers wrote about hacktivists increasingly targeting private sector organizations, pointing to not only Handala’s data-wiper attack on U.S.-based medical tech company Stryker but also another group, Fatimion Cyber Team, targeting the Lebanese MTV channel with distributed denial-of-service (DDoS) attacks and a data breach, threatening to leak personal data of both MTV employees and officials with the Lebanese Ministry of Information if they don’t stop “anti-resistance” reporting.</p><p>“The cyber activity tied to this conflict is becoming increasingly decentralized and destructive. Groups like Handala and Fatimion are targeting private-sector organizations with attacks designed to erase data, disrupt services, and introduce uncertainty for both businesses and the public,” said Kathryn Raines, cyber threat intelligence team lead for the national security solutions for Flashpoint. 
“At the same time, we’re seeing a greater use of legitimate administrative tools in these cyber operations, making it significantly harder for traditional security controls to detect.”</p><p>That last point was made in a <a href="https://www.bleepingcomputer.com/news/security/stryker-attack-wiped-tens-of-thousands-of-devices-no-malware-needed/" target="_blank" rel="noopener">report in BleepingComputer</a>, which cited an unnamed source as saying that Handala – a hacktivist group with reported ties to the Iranian government that claimed to have erased data from 200,000 corporate devices and stolen 50 TB of data – used the wipe command in Microsoft’s Intune cloud-based endpoint management solution to erase data from 80,000 devices during a three-hour window on March 11. The attackers didn’t need to use malware; instead they compromised an admin account and created a new global admin account.</p><h3>Cyber Warfare as the Great Equalizer</h3><p>Analysts with Palo Alto Networks’ Unit 42 threat intelligence group, which last week wrote about the <a href="https://unit42.paloaltonetworks.com/handala-hack-wiper-attacks/" target="_blank" rel="noopener">rising threat of wiper malware</a>, detailed in a report this week how Iran’s Islamic Revolutionary Guard Corps (IRGC) and the Ministry of Intelligence and Security (MOIS) use cyber operations as a low-cost way of equalizing the battle with its better-armed enemies and noted that the “shift from custom-built wiper malware to native administrative abuse removes a critical detection guardrail that historically protected enterprise networks.”</p><p>“Iranian cyber actors’ current tactical shift is driven less by a lack of malware development capabilities than by the strategic advantages of living-off-the-land (LotL) techniques,” they wrote. 
“Operations designed to cause disruption have undergone a change since 2023: Instead of relying heavily on bespoke tools, the methods now employed are part of a larger trend toward greater scale and improved evasion.”</p><h3>Worries About U.S. Readiness</h3><p>There also is concern about the United States government’s ability to protect the country against such cyberattacks. Matthew Ferren, an international affairs fellow in national security at the Council on Foreign Relations, a nonpartisan think tank, <a href="https://www.cfr.org/articles/trumps-cyber-strategy-falls-short-on-china-iran-and-the-threats-that-matter-most" target="_blank" rel="noopener">wrote this week</a> about the “<a href="https://securityboulevard.com/2026/03/concepts-of-a-cyberplan/" target="_blank" rel="noopener">strikingly short</a>” – at four pages – <a href="https://securityboulevard.com/2026/03/trump-administration-lays-out-a-high-level-strategy-to-combat-cybercrime/" target="_blank" rel="noopener">national cybersecurity strategy</a> that was released earlier this month.</p><p>Ferren wrote that the Trump Administration called it a high-level statement of intent that will be followed by actions, but added that “the brevity also reflects a fraying cyber apparatus that is, at best, still finding its footing and, at worst, suffering from institutional neglect.”</p><p>“This strategy arrives at a precarious moment,” he wrote. “The United States faces longstanding and intensifying cyber threats – from <a href="https://securityboulevard.com/2025/02/chinese-cyber-spies-use-espionage-tools-for-ransomware-side-hustle/" target="_blank" rel="noopener">Chinese espionage</a> and <a href="https://securityboulevard.com/2024/02/china-sponsored-hackers-lie-in-wait-to-attack-u-s-infrastructure/" target="_blank" rel="noopener">pre-positioning</a> on critical infrastructure to ransomware campaigns that disrupt essential services – that demand sustained attention and investment. 
The president’s war of choice with Iran adds new urgency. Tehran-linked groups are already threatening cyberattacks on U.S. networks, and the White House’s ability to coordinate national cyber defenses will face an immediate test.”</p><p>Still, “the administration’s surface-level treatment of these challenges casts doubt on how seriously the administration takes the cyber threat, and whether it has the capacity to address them,” Ferren wrote. “Key cyber leadership posts remain vacant, and the agencies responsible for implementation have been disrupted by budget cuts and personnel turnover.”</p>