IRAN-ALIGNED hacktivist groups have generated noise but little demonstrable impact in the Gulf conflict, with researchers noting a gap between bold claims and verifiable outcomes. Since 28 February 2026, when the ayatollah was assassinated, Bitdefender data shows malicious emails targeting Gulf countries rising on average by 130%, peaking at almost four times the pre-war rate, though this surge has not translated into proportionate disruption on the ground.
A case study of Nasir Security, a group described as Iran-aligned, suggests it has leaked legitimate but limited material and overstated breaches of Dubai Petroleum, CC Energy and Al Safi; Resecurity says the group is attacking related supply-chain vendors rather than the energy companies themselves.
The article also highlights how some claims may be exploited for psychological impact, with analysts like Pascal Geenens and Justin Moore cautioning that the narrative of omnipresent Iran-linked activity can confuse assessments. Justin Moore notes that “the challenge is managing the reputational fog of war” created when groups post on Telegram, while Shawn Loveland of Resecurity argues that none of the Iran-linked hacktivist groups have achieved meaningful impact, as borne out by independent assessments.