Augmentation des cybermenaces suite aux actions militaires des États-Unis, d'Israël et de l'Iran [Flash Report]
Table des matières
What happened on February 28, 2026?
The geopolitical shockwaves were immediate. In parallel, a second front opened: cyberspace.
The cyber dimension: what we observed
Periods of direct military escalation in the Middle East consistently trigger surges in state-aligned and hacktivist cyber activity. This conflict was no exception, and the speed of response was notable. Within hours of the strikes, CybelAngel’s REACT team began tracking a significant uptick in claimed cyber operations across multiple threat actor channels, spanning several countries in the region.
The UAE was the most heavily targeted geography, consistent with its role as a host of US military infrastructure and a country directly struck by Iranian missiles.
Who are the most affected sectors?
Four sectors stand out across the observed activity. Government and public safety entities bore the brunt of pressure-style campaigns, with civil defense authorities, municipalities, and government portals repeatedly named. Critical infrastructure, including airports and telecoms, featured prominently in threat actor claims. Financial services saw targeting across the region, with banking apps and stock exchanges named as DDoS targets. Commercial and SMB sectors in the UAE experienced a high volume of defacement activity, with retail sites, restaurants, and small businesses caught in the crossfire.
What this means for your organization
The current pattern is dominated by disruption rather than sophisticated intrusion. This is consistent with what security researchers typically observe during crisis periods: a surge in lower-barrier, high-visibility operations where messaging and symbolic impact outweigh technical sophistication. That said, this environment creates cover for more targeted operations. Amid the noise of high-volume DDoS and defacement activity, access brokers have been observed attempting to monetize alleged network footholds. Organizations should not assume that because most claims are low-sophistication, all activity is.
CybelAngel assesses that activity affecting the countries referenced in our full report will continue, with additional geographies potentially drawn in as the conflict evolves.
Access the full Flash Report
The full report includes time-stamped incident tracking across seven countries, actor profiles, sector-by-sector breakdowns, and specific defensive guidance for organizations operating in affected geographies. CybelAngel’s REACT team tracks geopolitically motivated cyber activity continuously, so you get the signal without the noise.
If you are a CybelAngel client, your REACT team is actively monitoring this situation. If you are not yet a client, talk to an analyst to request the full Flash Report.
À propos de l'auteur
