Cyberattacks Following the Middle East Conflict
When the United States and Israel launched military strikes against Iran on 28/02, the conflict quickly spread to the cyber domain. Over the next two weeks, 721 cyberattacks were registered across 22 countries, with targets in the Middle East and parts of Europe particularly hard-hit. The attacks were aimed at critical societal functions such as government agencies, healthcare, energy and water supply, and financial systems – escalating the situation from a regional military assault to a global cyber conflict.
A Rapidly Escalating Conflict
The first week was dominated by extensive denial-of-service attacks that took down government websites in Israel and several Gulf states. Soon after, groups linked to Russia joined in, broadening the conflict's geopolitical scope.
During the second week, both the number and spread of attacks increased. Cyprus became an unexpected primary target after Russian actors identified the country as a legitimate target due to a drone manufacturer with ties to Ukraine. In Romania, the tax authority was taken offline for an hour as “punishment” for allowing American forces to use bases in the country.
That same week, the most damaging cyberattack of the conflict was carried out: a wiper attack targeting the medical technology company Stryker, in which over 200,000 devices were wiped via the company’s internal administration system. The attack demonstrated that the intent was no longer mere disruption but tangible operational damage.
Which Attacks Dominated?
The cyber dimension of the conflict is complex, but certain patterns are clear:
- Distributed denial-of-service (DDoS) attacks accounted for over 85 percent of all attacks.
- Several intrusions targeted control systems for electricity, water, and grain storage.
- Hijacked monitoring systems and widespread data leaks were reported.
- Wiper attacks on businesses showed that the aim was more than mere confusion – there was also intent to cause lasting damage.
Overall, the attacks demonstrate a combination of technical disruption, psychological impact, and direct attempts to harm critical functions.
Who Were the Main Actors?
Three groups accounted for a large share of the observed activity:
- 313 Team (pro-Iran)
- NoName057(16) (pro-Russia)
- Keymous Plus (pro-Iran)
The most sophisticated actor is believed to be Handala, linked to Iranian intelligence and responsible for the attack against Stryker. MuddyWater is also named as a long-term threat, as the group had backdoors in American networks even before the conflict.
What Does This Tell Us About Today’s Cyber Security?
The conflict illustrates how cyber operations have become a central tool in modern hybrid warfare. Some general insights:
- Cyberattacks spread rapidly geographically, far beyond the original conflict zone.
- Critical sectors – energy, transport, finance and healthcare – are especially vulnerable due to their digital dependencies.
- The attacks combine several aims: disruption, influence, espionage, and physical harm.
- State and state-supported groups are playing an increasingly significant role, but ideological and criminal actors are also active.
Sectors Deemed Most Vulnerable
According to publicly reported analyses, the following sectors are especially exposed:
- Energy: Digital control systems make infrastructure vulnerable to intrusions.
- Telecommunications and digital infrastructure: The foundation for all other sectors.
- Transport: Dependent on networked systems for control and logistics.
- Financial services: An attractive target for both state and economically motivated actors.
- Healthcare: Handles sensitive data and often has lower cyber security maturity.
- Manufacturing industry: Holds valuable intellectual property and has complex supply chains.
- Public administration: High requirements and often exposed to ideologically or politically motivated attacks.
- Cloud services and outsourcing: Central nodes impacting many other sectors.
- Local government: Heavy dependencies but with varying levels of protection.
Resilience in Cyberspace Is Key
The cyberattacks following the conflict in the Middle East clearly demonstrate how digital threats are now an integrated part of international conflicts. They occur rapidly, widely and often with several simultaneous aims – from psychological impact to tangible physical harm. For organisations, businesses and societal actors, the conclusion is clear: resilience in cyberspace is a key factor in managing instability in an increasingly digitalised world.