As the missiles fly in both directions in the Middle East, it’s important not to overlook the cyber battlefield.
Cyber warfare is not a new concept; in many ways, cyber operations have replaced kinetic ones for more than a decade now, with bits and bytes playing the roles that bombs and missiles once did.
However, perhaps for the first time, we’re seeing what true combined arms warfare – including the cyber domain – looks like.
Ukraine and the rest of the NATO alliance continue to weather coordinated cyber attacks from Russian threat actors at the same time as Vladimir Putin and his cronies attempt to overwhelm the physical battlespace with drones and missiles. In Venezuela, the United States deployed its cyber forces to effectively shut down the country’s capital, and now, in Iran, we’re seeing the same again, with cyber activity used to both fix the conditions for a winning outcome and to sniff out the locations of vital individuals for direct strikes.
“What we are watching now is hybrid warfare at scale: coordinated kinetic operations against Iran, pre-emptive cyber activity, and an expected wave of Iranian and proxy influence campaigns that blur the line between battlefield and home front,” Ismael Valenzuela, vice president of Threat Intelligence Research at cyber security firm Arctic Wolf, told Defence Connect’s sister brand, Cyber Daily.
“Organisations worldwide must assume that their operational technology, data centres, AI integration layers, and information ecosystems are part of this contested terrain, whether they see themselves as ‘targets’ or not.”
The use of hacked traffic cameras is another unique tactic, employed by Israel to map out Tehran and its traffic patterns, and ultimately to locate Iran’s Supreme Leader, Ali Khamenei, leading to his killing.
Doug Britton, executive vice president and chief strategy officer at RunSafe Security, said this technique illustrates that while connected cameras, traffic systems and other embedded devices are increasingly part of critical infrastructure, many were not designed with modern cyber threats in mind.
“The compromise of traffic cameras used to build a ‘pattern of life’ shows how embedded systems can become intelligence assets when software vulnerabilities are left exposed,” Britton said.
“Proactively protecting these systems – including preventing exploit reuse and reducing attack surfaces at the binary level – is critical to securing smart infrastructure and defence-adjacent environments.”
And while Australia may be far away from the conflict, an Australian base in the region has already come under attack. Coupled with the Australian government’s support of Donald Trump and Benjamin Netanyahu’s war, and the fact that Iran has already reached across the globe to coordinate attacks on the Australian Jewish community, we must think of ourselves as a target in cyber space as well.
The threat actors
Threat intelligence firm Flashpoint outlined some of the pro-Iran threat actors active in the region and their victimology.
Handala Team – This pro-Palestinian group claimed a massive breach of Saudi Aramco, alleging that they destroyed the company’s infrastructure and ceased oil extraction. They released proof-of-concept documents and internal schematics to attempt to verify the attack.
That said, Flashpoint provided a clarifying note: “Sufficient evidence has not been leaked by the group for Flashpoint to verify the group’s claim.”
FAD Team – Identifying with the “Islamic Resistance in Iraq”, this group claimed responsibility for breaching the Israeli academic platform “WeLearn” and the Saudi “Maad Hospitality Towers”, exfiltrating emails and platform data.
PalachPro & NoName057(16) – A new group, PalachPro had signalled coordination with Iranian hackers to amplify cyber campaigns against US and Israeli targets.
Data Centres & Financials – Precision strikes on data centres have caused severe disruptions to the United Arab Emirates financial sector; AWS data centres in the ME-CENTRAL-1 region have been confirmed to be affected.
As to the impact on those entities targeted by pro-Iranian hackers, Flashpoint provided a sobering example.
“Pro-Iranian hacktivist groups claimed successful, highly disruptive intrusions into a major Jordanian grain silo company’s control systems, including alleged manipulation of temperature controls and weighing systems, moving beyond simple defacements and signalling a direct threat to food security,” Flashpoint said.
Another point of concern is electoral systems, and this year is an important one for President Trump.
“No matter the outcome of the kinetic war, the US should expect cyber operations from Iranian actors to escalate across critical infrastructure, commercial and election targets,” said Nick Reese, adjunct assistant professor at New York University School of Professional Studies’ Center for Global Affairs.
“With 2026 being a midterm year, Iranian cyber actors will be highly motivated to harm President Trump’s political position and curb his power through disinformation campaigns.”
The scale
In the 72 hours leading up to 3 March, threat intelligence firm Falcon Feeds disclosed just how much activity has sprung from the region, and the numbers are staggering.
The company issued more than 800,000 alerts while tracking more than 100 threat actors. It was following more than 3,000 pro-Iranian Telegram groups, all of them spreading misinformation and propaganda.
That Telegram activity alone accounted for more than 300,000 alerts.
Falcon Feeds also uncovered a handful of new actors: 313 Team, Fatimion Cyber Team, Cyber Islamic Resistance, Z-Net, SYLHET GANG-SG, LulzSec Black, BABAYO EROR SYSTEM, 404 CREW CYBER TEAM, NATION OF SAVIORS, Akatsuki Cyber Team, ENTITY, and L4663R666H05T.
However, Falcon Feeds still considers the activity to be less than might normally be expected, despite the numbers.
“Unlike previous high-intensity digital conflicts such as Russia–Ukraine or Israel–Palestine, the current cyber environment appears comparatively restrained,” Falcon Feeds said.
“A key factor may be the ongoing internet blackouts across Iran, which have significantly reduced connectivity and may be limiting the visibility – and velocity – of regional cyber operations.”
AI – Both a multiplier and a threat surface
“The use of AI in warfare is no longer speculative; when geopolitical tension rises, digital control planes, especially those tied to automation and decision support, become strategic terrain, and the integration layers that connect AI agents to internal systems, APIs, and external data now function as critical infrastructure,” Valenzuela said.
“As automation layers gain persistent context and direct access to operational systems, they effectively become a new targetable control plane, where subtle manipulation of inputs or workflows can have outsized impact on procurement, logistics and response.”
According to Valenzuela, organisations that may be in the firing line must constantly monitor and test their AI and network infrastructure.
“If your organisation depends on federal systems, global suppliers or automation-driven decision workflows, those dependencies must be mapped, continuously reassessed and explicitly included in crisis simulations, because influence operations will increasingly target the systems that inform people, not just the people themselves,” Valenzuela said.
“This shift will be felt most acutely in supply chains. Export controls are tightening, rare earth restrictions are expanding and supplier landscapes are fragmenting, which means the attack surface now includes not just code and hardware, but also the data and AI-driven processes that decide which components you buy, from whom and under what constraints.
“In that context, supply-chain compromise can mean trojanised firmware and software updates, manipulated supplier intelligence, or AI-distorted risk scores that quietly steer critical dependencies toward adversary-influenced ecosystems.”