SECURITYWEEK reports that the Iran cyber front has seen hacktivist activity surge while state-sponsored attacks remain notably quiet, following the US-Israel strikes in late February 2026. The joint operations, named Operation Epic Fury and Operation Roaring Lion, triggered widespread claims and defacements by pro-Iran hacktivist groups, though major security firms say the activity tied to state-backed operators is not increasing.
CrowdStrike noted on March 2 that it had not detected large-scale campaigns by state-sponsored actors, though it observed a rise in hacktivist actions such as website defacements and DDoS campaigns, including activity by Hydro Kitten. Palo Alto Networks likewise flagged escalation by hacktivists from outside Iran, but suggested limited internet connectivity may suppress state-sponsored surges.
The UK’s National Cyber Security Centre said there is likely no current significant change in the direct cyber threat from Iran to the UK, while urging organisations to review risk postures and take action.