As geopolitical tensions flare again in the Middle East, cyber operations are increasingly becoming an extension of physical conflict. State-aligned threat actors, patriotic hackers, and ideologically motivated groups are exploiting the moment, pushing digital conflict beyond traditional boundaries.
At Trellix, we’ve been closely tracking Iranian cyber operations for years. Our research has shown that Iran maintains a mature and diverse cyber capability, executed through a combination of government agencies, contractors, and loosely affiliated proxy groups. These actors are capable of a broad spectrum of operations—from espionage and wiper attacks to disruptive campaigns targeting critical infrastructure.
To help organizations contextualize this threat, we published a detailed breakdown of Iranian cyber capabilities in this recent blog post: The Iranian Cyber Capability.
Wipers are a staple in the Iranian cyber arsenal, aimed not at profit but at maximum disruption and psychological impact. These attacks, often attributed to state-aligned groups like APT33 (Elfin), APT34 (OilRig), and DEV-0270 (Nemesis Kitten), involve malware designed to delete or corrupt data beyond recovery, rendering systems inoperable. Over the past decade, Iran has repeatedly used wipers to retaliate against geopolitical rivals, disrupt infrastructure, and signal capability. Notable examples include the Shamoon attacks (2012, 2016), which crippled Saudi Aramco and other Gulf entities; ZeroCleare (2019); and the wiper from the known activist group Handala that we reported on last year.
But the story doesn’t end there.
Alongside state operations, we’re witnessing a surge in hacktivist activity. These groups, which often claim to act out of patriotic or religious allegiance, are becoming increasingly sophisticated and, at times, aligned (tacitly or explicitly) with nation-state agendas. They act as accelerants: launching disruptive attacks like distributed denial of service (DDoS) or wiper attacks, defacing websites, leaking data, or conducting psychological operations, such as spreading misinformation, with global ripple effects.
In another recent blog, we unpacked the connections between hacktivist groups and nation-state objectives: Hacktivist Groups and the Shadowy Links to Nation-State Agendas.
And as expected, the hacktivist group Handala was quick to re-emerge in the aftermath of the first wave of Israeli attacks, posting new data leaks from Israeli organizations.
_______
Content curated by the team of COMPUTER 2000 on the basis of news in reputable media and marketing materials provided by our partners, companies, and other vendors.

