Pro-Iranian hacktivist groups launched 149 DDoS attacks against 110 organizations across 16 countries within hours of February 28 strikes, according to analysis by cybersecurity researchers. The Cyber Islamic Resistance coordinated multiple affiliated teams, including RipperSec and Cyb3rDrag0nzz, to execute synchronized attacks targeting Israeli and Western infrastructure.
The campaign focused on government agencies, critical infrastructure, and commercial organizations, reflecting a pattern of retaliatory cyber activity tied to escalating geopolitical tensions. Researchers at Palo Alto Networks Unit 42 warned of increased cyber risk linked to Iran throughout March 2026 as regional conflict dynamics intensified.
Coordinated multi-group attack activity
The Cyber Islamic Resistance operates as an umbrella collective coordinating multiple hacktivist teams to carry out synchronized operations. This structure enables rapid mobilization of distributed attack resources while allowing individual groups to operate semi-independently.
Researchers observed that the attacks involved a mix of DDoS flooding, website defacements, and disruptive activity targeting public-facing services. The coordinated timing and volume of attacks suggest deliberate planning rather than isolated incidents.
Targeting of government and infrastructure systems
The campaign included attacks against government portals and infrastructure-related services, increasing the potential for operational disruption. While many of the incidents appear to have focused on availability rather than data compromise, the scale of targeting raises concerns about broader impacts across interconnected systems.
Separate claims linked to the campaign referenced attempted disruption of infrastructure in Jordan, though the extent and impact of those claims remain unclear.
Geopolitical alignment and escalation risk
The activity aligns with a broader pattern of hacktivist operations tied to regional geopolitical tensions. Such groups often act in parallel with state interests, though direct coordination or control is not always publicly confirmed.
Cybersecurity experts have warned that campaigns of this scale can increase the risk of spillover effects, particularly when multiple groups target shared infrastructure or international services.
Defensive posture and mitigation considerations
Security teams in potentially affected regions have been advised to strengthen DDoS mitigation strategies and increase monitoring of public-facing systems. Rapid, high-volume campaigns such as this one highlight the importance of scalable defenses capable of absorbing distributed attack traffic.
Organizations operating critical services may face elevated risk during periods of geopolitical escalation, particularly when hacktivist collectives coordinate across multiple regions and targets.
