The ongoing conflict between the United States, Israel, and Iran, which escalated dramatically on February 28, 2026, with the launch of joint military operations codenamed Operation Epic Fury (U.S.) and Operation Roaring Lion (Israel), has marked a new era in hybrid warfare. Cyber operations have played a central and integrated role from the outset, complementing kinetic airstrikes, missile barrages, and targeted assassinations—including the killing of Iran’s Supreme Leader Ayatollah Ali Khamenei and numerous senior military officials.
This war builds on years of shadowy cyber confrontations in the region. The 2010 Stuxnet attack, widely attributed to the U.S. and Israel, demonstrated how cyber tools could achieve physical destruction by sabotaging Iran’s nuclear centrifuges. Subsequent exchanges involved Iranian-linked groups conducting disruptive attacks, such as distributed denial-of-service (DDoS) campaigns, wiper malware deployments, and espionage against Western targets. By 2025, tensions had already seen surges in cyberattacks, including a reported 700% increase in incidents targeting Israel following Israeli strikes on Iranian nuclear sites.
The 2026 escalation transformed cyber from a peripheral tool into a foundational element of military strategy. U.S. and Israeli forces employed cyber operations as “first movers” before kinetic strikes began. According to statements from U.S. military leaders, including the Chairman of the Joint Chiefs of Staff, cyber and space effects were layered to disrupt Iranian communications, degrade command-and-control systems, blind sensor networks, and confuse defenses. These non-kinetic actions “disrupted, degraded, denied, and destroyed” Iran’s ability to respond effectively, paving the way for over 900 coordinated airstrikes on military, nuclear, and leadership targets.
A notable example of integrated cyber-influence operations involved the compromise of the popular Iranian prayer app BadeSaba, which has millions of users. Hackers—widely attributed to Israel—hijacked the app to broadcast anti-regime messages urging military personnel to defect and promising amnesty, timed to coincide with the opening of airstrikes. State-run media sites like Iran’s news agency IRNA were also breached, displaying defamatory content and calls for uprising. These efforts aimed to sow internal dissent, erode regime legitimacy, and create psychological pressure amid widespread internet disruptions in Iran, where connectivity plummeted to as low as 1-4% of normal levels due to a combination of regime-imposed blackouts, physical damage, and targeted cyber intrusions.
Israel’s cyber campaign has been described in some reports as one of the largest in history, contributing to near-total blackouts of government services, media, energy, and aviation infrastructure. The U.S. Cyber Command (Cybercom) synchronized these effects with kinetic operations, highlighting how cyber has become fully embedded in joint military planning. Strikes even reportedly targeted Iran’s cyber warfare headquarters in Tehran, further degrading the regime’s digital capabilities.
Iran’s responses have relied heavily on asymmetric cyber tools, consistent with its long-standing “Great Epic” campaign under the Cyber Islamic Resistance framework. Pro-Iran hacktivist groups and state-affiliated actors have surged in activity, claiming DDoS attacks, website defacements, data leaks, and probes against U.S., Israeli, and Gulf state targets—including critical infrastructure in energy, finance, and healthcare. Reports indicate over 150 hacktivist incidents in the first days of escalation, with some involving pro-Russian allies. However, Iran’s own cyber capabilities appear hampered in the short term by leadership losses, internal chaos, and severe internet restrictions, leading to a noticeable lull in sophisticated state-sponsored outbound operations. Analysts note that many Iran-linked hacking groups have gone dark or operated at reduced capacity, shifting reliance to dispersed proxies for plausible deniability.
The conflict has also amplified hacktivism on both sides, with pro-Iran collectives targeting opportunistic victims globally and pro-Israel actors conducting symbolic disruptions. This blending of state, proxy, and ideologically driven attacks risks spillover, including unintended escalations reminiscent of Stuxnet’s global effects.
Overall, cyber-warfare in the 2026 Iran War has provided strategic advantages: battlefield preparation through disruption, influence operations to undermine regime cohesion, and low-risk retaliation options for a weakened Iran. It underscores a shift where cyberspace is no longer supplementary but a primary domain of modern conflict, blurring lines between military and civilian targets and challenging international norms. As the war continues, agencies like CISA and international partners warn of heightened vigilance against Iranian-linked threats, emphasizing that cyber operations will likely remain a key lever in shaping the conflict’s trajectory and potential resolution.
About The Author
