Pro-Iranian hacktivist groups launched 149 DDoS attacks against 110 organizations across 16 countries within hours of the February 28 strikes, according to analysis by cybersecurity researchers. The Cyber Islamic Resistance coordinated multiple affiliated teams, including RipperSec and Cyb3rDrag0nzz, to execute synchronized attacks against Israeli and Western infrastructure.
The coordinated campaign targeted government agencies, critical infrastructure, and commercial organizations in what researchers describe as retaliatory cyber operations linked to geopolitical tensions. Palo Alto Networks Unit 42 warned of escalating cyber risk related to Iran in March 2026 as conflict dynamics intensified.
Attack Coordination
The Cyber Islamic Resistance operates as an umbrella collective that coordinates multiple hacktivist teams to launch synchronized operations. This structure allows rapid mobilization of distributed attack resources while maintaining operational security through compartmentalized team structures.
Security researchers observed that the attacks combined DDoS flooding, data-wiping operations, and website defacements targeting government portals and critical infrastructure management systems. The multifaceted approach aimed to maximize disruption while demonstrating capability across different attack vectors.
Critical Infrastructure Targeting
Separate reporting indicated that attackers claimed responsibility for sabotage of Jordan’s critical infrastructure, suggesting escalation beyond digital disruption to physical infrastructure targeting. The scope of infrastructure attacks raises concerns about potential spillover effects affecting civilian populations dependent on targeted systems.
Geopolitical Context
The coordinated cyber operations coincide with broader regional tensions and demonstrate how hacktivist collectives function as force multipliers in geopolitical conflicts. While attribution to Iranian state intelligence remains subject to analysis, the timing and targeting patterns suggest coordination with state objectives.
Cybersecurity firms advised organizations in potentially targeted countries to implement enhanced monitoring and DDoS mitigation measures given the demonstrated willingness of these groups to conduct widespread attacks in response to geopolitical developments.








