Threat Research

    On 28 February 2026, the US and Israel launched strikes inside Iran in a campaign named Operation Epic Fury, targeting missiles, air defenses, military infrastructure, and leadership assets. Iran retaliated with missile and drone attacks against US embassies and military bases across the region....
    Between 2024 and March 2026, the geopolitical landscape around Iran has shifted dramatically. What was once a tense but predictable standoff has escalated into a major regional crisis. In 2024, Iran began moving from proxy warfare toward direct military confrontation, marked by ballistic missile exchanges with Israel....
    Seedworm (also known as MuddyWater) has been observed conducting cyber espionage activities against multiple organizations in the United States and Canada since early 2026. Targeted entities include a U.S. bank, airport, defense-related software company, and non-profit organizations....
    Rising tensions between the United States, Israel, and Iran have increased the likelihood of cyber operations accompanying military activity. Iranian state-aligned threat actors have historically targeted sectors such as energy, financial services, government, and defense to weaken response capabilities before or during conflict....
    A dramatic and dangerous phase in Middle Eastern geopolitics has begun with open conflict between Iran, Israel, and the United States. Last week, U.S. and Israeli forces launched Operation Lion’s Roar, targeting Iranian military and nuclear facilities. Iran responded with retaliation, escalating the conflict across the region....
    Recent escalations between Iran, the U.S., and Israel have coincided with increased cyber threat activity across the Middle East. Destructive incidents, including kinetic attacks affecting AWS data centers in the UAE and Bahrain, have disrupted regional cloud services....
    On Feb. 28, 2026, joint US–Israel strikes reduced Iran’s internet connectivity to 1–4%, disrupting leadership communications and degrading command-and-control across state networks. Security teams identified an SMS/phishing campaign distributing a trojanized Israeli Home Front Command RedAlert APK for surveillance and data exfiltration....
    On 28 February 2026, U.S. and Israeli forces launched combined air and cyber attacks that disrupted Iranian communications networks and critical systems....
    On Feb. 28, 2026, the United States and Israel launched a joint offensive—Operation Epic Fury (U.S.) and Operation Roaring Lion (Israel). In response, Iran initiated a multi-vector retaliatory campaign that has expanded into a broader trans-regional conflict. An increase in cyberattacks from activist groups outside Iran has been observed....
    UNG0801 is a persistent threat cluster originating from Western Asia that targets enterprise organizations in Israel using Hebrew-language phishing lures disguised as routine internal communications. The campaigns heavily rely on antivirus icon spoofing, abusing trusted brands such as SentinelOne and Check Point to gain user trust....