ACCORDING to Unit 42, a Threat Brief dated 2 March 2026 describes a rapid escalation in cyber risk related to Iran, triggered by the United States and Israel launching joint operations on 28 February 2026. The early hours of that day saw Iran commence a multi-vector retaliatory campaign, with activity spreading across trans-regional targets and a surge in hacktivist action, including around 60 groups active by 2 March 2026.
Connectivity inside Iran plummeted to between 1% and 4% from 28 February, a degradation that the report says could hamper state-aligned threat actors’ ability to coordinate sophisticated operations in the near term.
The piece details multiple Iran-aligned threat actors both inside and outside the region, including Handala Hack, APT Iran, Cyber Islamic Resistance, Dark Storm Team, FAD Team, Evil Markhors, Sylhet Gang, 313 Team and DieNet, many of which have claimed disruptive or data-destructive operations and form part of an umbrella ecosystem.
It also notes the establishment of the Electronic Operations Room on 28 February 2026 and highlights ongoing activity by state-sponsored actors under the constellation name Serpens, with potential focus on regional targets such as Israel. The briefing recommends a multi-layered defence and continued vigilance, given the likelihood of further intensification and opportunistic attacks from hacktivists and state-supported groups.