Middle East hacktivist surge targets government, banking, aviation and telecom sectors
Target Trend
Summary
Hide ▲
Show ▼
More than 150 hacktivist incidents were recorded between February 28 and March 1, 2026, marking a sharp surge in Middle East targeting that raised spillover risk for organizations in the region and globally. The activity centered on DDoS attacks, website defacements and unverified data breach claims against government, banking, aviation and telecom sectors. The scale and breadth point to a recurring disruption pattern rather than a single-victim event.
Related Happenings
UAE and Gulf cyberattack surge after Iran conflict escalation
Target Trend
First: 06.05.2026 08:30
Last: 06.05.2026 08:30
Sources 1
About this happening:
Cyberattack volume surged across the **UAE** and wider **Gulf** after military operations against **Iran** began, pushing daily breach attempts to **600,000 to 800,000** and raisi...
UAE and Gulf cyberattack surge after Iran conflict escalation
Target TrendAbout this happening: Cyberattack volume surged across the **UAE** and wider **Gulf** after military operations against **Iran** began, pushing daily breach attempts to **600,000 to 800,000** and raisi...
Rising cyber breach prevalence across UK public education institutions
Target Trend
First: 30.04.2026 16:30
Last: 30.04.2026 16:30
Sources 1
About this happening:
**UK public education** saw a sharp rise in **cyber breach prevalence**, with **secondary schools**, **further education colleges**, and **higher education institutions** all repo...
Rising cyber breach prevalence across UK public education institutions
Target TrendAbout this happening: **UK public education** saw a sharp rise in **cyber breach prevalence**, with **secondary schools**, **further education colleges**, and **higher education institutions** all repo...
CL-CRI-1116 / BlackFile overlap with The Com
Threat Actor Meta
First: 27.04.2026 11:15
Last: 27.04.2026 11:15
Sources 1
About this happening:
Researchers linked **CL-CRI-1116** to overlapping labels including **BlackFile**, **UNC6671**, and **Cordial Spider**, suggesting the extortion cluster sits inside a broader **The...
CL-CRI-1116 / BlackFile overlap with The Com
Threat Actor MetaAbout this happening: Researchers linked **CL-CRI-1116** to overlapping labels including **BlackFile**, **UNC6671**, and **Cordial Spider**, suggesting the extortion cluster sits inside a broader **The...
Handala post-ceasefire retaliatory cyberattack campaign targeting the U.S. and Israel
Campaign
First: 09.04.2026 04:22
Last: 09.04.2026 04:22
Sources 1
About this happening:
**Handala** and other **pro-Iranian hackers** are keeping a retaliatory **cyber campaign** active after the **ceasefire announcement**, leaving **U.S. and Israeli targets** at ong...
Handala post-ceasefire retaliatory cyberattack campaign targeting the U.S. and Israel
CampaignAbout this happening: **Handala** and other **pro-Iranian hackers** are keeping a retaliatory **cyber campaign** active after the **ceasefire announcement**, leaving **U.S. and Israeli targets** at ong...
North Korean Drift contributor targeting campaign
Campaign
First: 06.04.2026 19:35
Last: 06.04.2026 19:35
Sources 1
About this happening:
A **North Korean** targeting campaign against **Drift Protocol contributors** ran for at least **six months** before the later theft, increasing the attackers' access and credibil...
North Korean Drift contributor targeting campaign
CampaignAbout this happening: A **North Korean** targeting campaign against **Drift Protocol contributors** ran for at least **six months** before the later theft, increasing the attackers' access and credibil...
Timeline
-
02.03.2026 17:00 1 articles · 2mo ago
Hacktivist surge begins across Middle East targets
Campaign Scope UpdateHacktivist activity expands across open channels in the Middle East, with increased activity from HydraC2, Handala and Sicarii and operations involving DDoS attacks, website defacements and unverified data breach claims against government, banking, aviation and telecom sectors.
Show sources
- Hybrid Middle East Conflict Triggers Surge in Global Cyber Activity — www.infosecurity-magazine.com — 02.03.2026 17:00
-
02.03.2026 17:00 2 articles · 2mo ago
Hacktivist incidents continue and exceed 150 records
Campaign Scope UpdateBy March 1, more than 150 hacktivist incidents have been recorded across open channels, sustaining DDoS attacks, website defacements and unverified data breach claims against government, banking, aviation and telecom sectors.
Show sources
- Hybrid Middle East Conflict Triggers Surge in Global Cyber Activity — www.infosecurity-magazine.com — 02.03.2026 17:00
- 149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict — thehackernews.com — 04.03.2026 19:21
-
02.03.2026 17:00 1 articles · 2mo ago
NCSC warns organizations about indirect Middle East spillover risk
Industry Or Public Sector UpdateSecurity analyst Cynthia Kaiser says Iran will likely respond in cyberspace, probably as cybercrime and ransomware, while Halcyon reports increased activity from HydraC2, Handala and Sicarii. The UK's National Cyber Security Centre says direct cyber threat to the UK has not changed significantly, but organizations with offices or supply chains in the Middle East face heightened indirect risk and should review risk posture, increase monitoring, enforce multi-factor authentication (MFA) and ensure offline backups are in place.
Show sources
- Hybrid Middle East Conflict Triggers Surge in Global Cyber Activity — www.infosecurity-magazine.com — 02.03.2026 17:00