Nasir Security, an Iran-aligned hacktivist group operating under the name “Sons of Al-Naseer” in its latest post, has claimed to have breached Kuwait’s Ministry of Interior and intelligence systems, alleging access to classified documents and sensitive data on senior military, political, and security figures. The claim was posted April 5, 2026, as Kuwait faces active Iranian missile and drone strikes on its energy infrastructure and military installations. Kuwait’s Ministry of Interior has not issued any statement acknowledging the claim.
According to the post, the allegedly stolen material includes names, identities, and photographs of government officials, military personnel, army officers, and senior security and political figures in Kuwait. The group claims it will share this information with parties planning security, military, and economic strikes against Kuwait, framing the operation as part of the broader Iran-aligned resistance campaign. The post also warns of further cyber attacks across all government and military sectors if Kuwait does not change course on its perceived cooperation with what the group calls American-Zionist forces.
A Known Actor Under a New Name
This is not the first time Nasir Security has appeared under shifting identities. The group emerged in October 2025 claiming affiliation with “Sons of Hezbollah Lebanon” before later aligning with the Alawite ethnic group in Syria, and now operating as “Sons of Al-Naseer” in this post. Security researchers have previously assessed the group as likely consisting of cyber-mercenaries or individuals hired or sponsored by Iran or its proxies rather than direct Hezbollah operatives.
Nasir Security returned to active operations on March 10, 2026, shortly after the start of the Iran war, claiming breaches of Dubai Petroleum, CC Energy Development in Oman, and Al Safi in Saudi Arabia. The group most recently claimed access to Dubai International Airport systems, threatening to release passport data belonging to travelers from multiple nationalities. Security researchers found that while some legitimate documents were obtained in prior operations, the group has a documented pattern of exaggerating breach impact and misattributing data from third-party contractors to direct victim compromises.
Proof of Access and Credibility Assessment
The group published what appear to be identity documents as proof of access, though BreachNews has not independently verified their authenticity or whether they originated from a direct breach of Ministry systems rather than a third-party source. The post is also heavy on political messaging directed at both Kuwait and the new Iranian Supreme Leader Mojtaba Khamenei, to whom the group pledges direct loyalty in the same statement. The group additionally promises to release information on 10 individuals in the coming days.
Security researchers have noted that Iran-aligned hacktivist groups including Nasir Security are largely orchestrated to create the optics of cyber operations rather than deliver meaningful technical impact. The group’s post serves dual purposes: generating fear and diplomatic pressure against Kuwait while demonstrating visible cyber alignment with Iranian objectives during an active kinetic conflict. Kuwait is hosting US military assets at Ali Al Salem Air Base, which has been repeatedly struck by Iranian missiles throughout the conflict, making its government systems a logical propaganda target for Iran-aligned actors regardless of actual access.
Kuwait’s Ministry of Interior had not issued any public statement acknowledging the claim at time of publication.
