Attribution: Suspected pro-Iranian hacktivist group
First Observed: October 2025
Primary Operations: Data breach claims, infrastructure targeting, hacktivist campaigns, data leaks
Nasir Security is a pro-Iranian hacktivist group that emerged in late 2025 and became active in early 2026 with a series of breach claims targeting government agencies, aviation infrastructure, and energy sector organizations across the Middle East.
The group operates a public leak site where it publishes claims of unauthorized access, data exposure, and ideological statements. Its activity aligns with a broader pattern of geopolitically motivated cyber operations rather than financially driven cybercrime.
Overview
Nasir Security follows a disclosure-driven model, publicly announcing intrusions and presenting alleged proof of access through screenshots or structured data samples. Its communications are framed around retaliation, deterrence, and exposure of sensitive systems.
Targets consistently include government institutions, customs authorities, airports, and oil and gas organizations, indicating a focus on high-visibility and strategically sensitive sectors.
2026 campaign and breachnews coverage
Between March and April 2026, Nasir Security published a sequence of claims across multiple countries and sectors. BreachNews has reported on several of these incidents:
- Dubai Airport data leak claim
- Kuwait Ministry of Interior breach
- Yad Vashem breach claim involving world leader records
Each of these disclosures followed a similar pattern of politically charged messaging paired with claims of access to sensitive systems or data.
Claimed operations timeline
Based on the group’s public posts, Nasir Security has claimed responsibility for the following operations:
- October 2025: Taldor allegedly breached
- March 13, 2026: Dubai Petroleum allegedly breached
- March 15, 2026: Oman CC Energy Development allegedly breached
- March 17, 2026: Rumaila Operating Organisation allegedly compromised
- March 21, 2026: Al-Safi Oil Company allegedly breached
- March 26, 2026: UAE Federal Customs Authority access claim
- March 30, 2026: Dubai Airport data leak claim
- April 5, 2026: Kuwait Ministry of Interior allegedly breached
- April 15, 2026: Yad Vashem Museum allegedly breached
The consistency and pacing of these claims suggest a coordinated disclosure strategy, potentially involving previously obtained access released over time.
Targeting patterns and strategic focus
Nasir Security’s targeting shows a clear preference for government systems, transportation infrastructure, and energy sector organizations. These sectors carry both economic and geopolitical significance, increasing the potential impact of any confirmed compromise.
The repeated focus on Gulf region entities, particularly in the United Arab Emirates and surrounding countries, indicates a regional campaign aligned with ongoing geopolitical tensions.
Operational style and messaging
The group’s communications are heavily ideological, often incorporating religious language and framing operations as acts of resistance. Statements emphasize exposure and disruption rather than financial gain.
Unlike financially motivated groups such as ShinyHunters, Nasir Security does not appear to prioritize data sales or extortion. Its objective appears to center on visibility, signaling, and psychological impact.
Relationship to broader iran-aligned activity
Nasir Security operates within a wider ecosystem of pro-Iranian cyber groups that have increased activity throughout 2026. Its targeting patterns and messaging align with groups such as Handala Hack, which has also focused on government and infrastructure targets.
These operations coincide with broader coordinated campaigns, including multi-country DDoS attacks targeting Western and allied infrastructure.
Verification challenges
Independent verification of Nasir Security’s claims remains limited. While the group frequently publishes supporting material, confirmation from affected organizations is rare.
Some claims may reflect legitimate unauthorized access, while others could involve partial exposure or exaggerated impact. Each incident requires individual assessment.
Outlook
Nasir Security’s consistent focus on high-value infrastructure and government systems makes it a relevant emerging threat actor despite limited confirmed incidents. Its alignment with geopolitical narratives suggests continued activity, particularly during periods of regional escalation.
Organizations in targeted sectors should treat the group’s claims as indicators of potential targeting and ensure appropriate monitoring and defensive measures are in place.
