Cyber warfare is a crucial part of the strategy used by US-Israel in the war in Iran, and will likely be a key part of the Iranian response as well. 
On February 28th, 2026, the United States and Israel started a barrage of strikes against Iran, with Trump describing the attacks as necessary “to defend the American people by eliminating imminent threats from the Iranian regime” on his social media app, Truth Social. The attacks have triggered varied responses around the world, and a sense of foreboding, as people are unsure of what to expect during this war. While the length of the fight is still undetermined, one thing seems certain: the US-Israel conflict with Iran will unfold in cyberspace just as much as it will on Iran’s land.
Cyber capabilities were a key part of the February strikes that killed Iran's decades-long leader, Supreme Leader Ali Khamenei. The US Cyber Command and US Space Cyber Command were “directly involved” with the operations, according to General Dan Caine, Joint Chiefs of Staff Chairman, who explained what their efforts accomplished: “Coordinated space and cyber operations effectively disrupted communications and sensor networks across the area of responsibility, leaving the adversary without the ability to see, coordinate or respond effectively”. In other words, “U.S. CYBERCOM and SPACECOM continuously layered effects to disrupt, disorient and confuse the enemy.”
The attack from the “first movers” of the bombing campaign hit “more than 1,000 targets in the first 24 hours,” in what Caine described as “a massive, overwhelming attack across all domains of warfare,” likely including fighters, airborne early warning aircraft, and even electronic attack platforms. Caine’s words have been flagged as “what may be the most public acknowledgement of its cyber operations capabilities to date” by the Pentagon, essentially cementing the cyber domain as another fair target for the US offensive actions.
The US attack on the Iranian communications network was not the sole attack Iran experienced on February 28th. News sites, along with religious calendar app BadeSaba, were also targeted. The app, which provides Muslims with prayer times depending on their location, has over 30 million downloads in Iran and is likely experiencing higher traffic as many observe the holy month of Ramadan with prayer and fasting. Israel’s hack of BadeSaba meant that users received notifications at the start of the strikes saying “Help has arrived” and “It’s time for reckoning”, encouraging people to stop their support for the current Iranian government. Founder of DarkCell and a security researcher, Hamid Kashfi, discussed the data implications of the hack on a post on X, where he explained that BadeSaba users “are particularly religious people and have [a] higher chance to be also pro-regime and within [the] body of the army.”
On top of these hacks, the residents of Iran are also facing a prolonged internet blackout. Cyber threat intelligence team lead at intelligence platform Flashpoint, Kathryn Raines, discussed the origin of the service interruption with CNBC: “While the actual cause is still unclear, it’s almost certainly a combination of both state-ordered suppression and external cyber disruption.” The internet blackout continues to pose a serious problem for 90 million people living in Iran, as civilians are unable to find information about where the strikes are landing.
Unsurprisingly, the conflict with Iran has resulted in malicious cyber actions against other countries. Radware found that following the start of the US-Israel military campaign, there was a retaliatory surge in hacktivist activity. Most of the attacks were aimed at other countries in the Middle East, but Europe received just over a fifth of the activity, with the most targeted industries being the government, finance, and telecommunications. The United Kingdom’s National Cyber Security Centre (NCSC) is urging UK organizations and key infrastructure providers to check on their cybersecurity posture, saying: “there is almost certainly a heightened risk of indirect cyber threat for those organisations and entities who have a presence, or supply chains in the Middle East”.
In the US, cybersecurity experts name energy, water, transportation, telecommunications, the media, financial services, and healthcare as other probable targets. James Trugal, a 22-year FBI veteran and current VP of Global Cyber Risk and Board Relations at Optiv, suggested that DDoS, ransomware, and credential theft are some of the techniques that Americans should anticipate seeing in the next month.
Any attacks would likely put a strain on the US Cybersecurity and Infrastructure Security Agency (CISA), which has had difficulties operating as of late. Besides the sweeping staff and budget cuts in 2025, CISA recently lost its cybersecurity acting associate director, Shelly Hartsook, while appointing a new acting executive assistant director, Chris Butera. The Department of Homeland Security (DHS) shutdown has limited the Agency’s capabilities, and is likely to continue, even after the firing of Kristi Noem, the previous Secretary of the DHS. Uncertainty about the security of the States will likely continue as US Defense Secretary Pete Hegseth said that the fight with Iran has “only just begun”. The only thing that does seem certain is that cyber intrusions will rise because of the conflict, and that organizations hoping to stay safe should shore up their defenses.