{
  "name": "Threat Brief: March 2026 Escalation of Cyber Risk Related to Iran",
  "slug": "threat-brief-march-2026-escalation-of-cyber-risk-related-to-iran",
  "description": "A significant joint offensive by the US and Israel has triggered a multi-vector retaliatory campaign from Iran, leading to an escalation in cyberattacks. Iran's limited internet connectivity is likely hindering state-aligned threat actors' ability to coordinate sophisticated attacks. Hacktivist groups are targeting perceived adversaries, while other nation-state actors may exploit the situation. Observed activities include phishing campaigns, DDoS attacks, data exfiltration, and wiper attacks. Multiple Iranian state-aligned personas and collectives have claimed responsibility for various disruptive operations. Pro-Russian hacktivist groups have also been active, targeting Israeli systems and infrastructure. The situation remains fluid, and organizations are advised to implement multi-layered defenses and focus on foundational security hygiene.",
  "published": "2026-03-03T05:39:44+00:00",
  "created_at": "2026-03-03T05:39:44+00:00",
  "modified_at": "2026-03-03T16:14:32+00:00",
  "created_at_opencti": "2026-03-03T05:39:44+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2026-03-03",
    "critical-infrastructure",
    "ddos",
    "espionage",
    "geopolitical conflict",
    "hacktivism",
    "iran",
    "phishing",
    "ransomware",
    "redalert",
    "state-sponsored",
    "supply-chain"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "http://www.shirideitch.com/wp-content/uploads/2022/06/RedAlert.apk"
      }
    ],
    "malware": [
      {
        "id": "legacy:malware:7f2231bdb40ce4f3",
        "name": "RedAlert",
        "slug": "redalert"
      }
    ],
    "attack_patterns": [
      {
        "id": "5e3b3612-8bf8-46e1-943e-b4c1524bef11",
        "name": "T1587"
      },
      {
        "id": "747c7b95-79ff-4132-8ea5-397cb6665ebd",
        "name": "T1498"
      },
      {
        "id": "c340d47a-2ea8-41ca-9a0b-a72559b89bbf",
        "name": "T1584"
      },
      {
        "id": "d9b45b3b-d093-4016-89e9-48f31ff4d05d",
        "name": "T1566"
      },
      {
        "id": "2969e5a7-1049-4df8-b1ba-8a0675de6b94",
        "name": "T1589"
      },
      {
        "id": "804630c7-dda3-49df-9ac4-70bd1ad83e06",
        "name": "T1192"
      },
      {
        "id": "50514c04-b3a2-4abf-a855-e3a434200c87",
        "name": "T1204"
      },
      {
        "id": "f1bb7823-4f4b-4565-b472-bf0cfca467b1",
        "name": "T1486"
      },
      {
        "id": "5bab4974-1fc2-4144-b093-28ebcb8767dc",
        "name": "T1114"
      },
      {
        "id": "6c8f8a40-2746-4a37-86bd-81e82afa6e62",
        "name": "T1190"
      },
      {
        "id": "b9eab970-53dd-4977-9a26-c4fe566e422d",
        "name": "T1133"
      },
      {
        "id": "306ee8dc-1d64-4916-96be-18060d690ad7",
        "name": "T1499"
      },
      {
        "id": "fe6f2946-a01e-460c-9636-8c48b45dd0e6",
        "name": "T1189"
      },
      {
        "id": "5dee2969-7083-430e-9083-73bab54c3a18",
        "name": "T1590"
      },
      {
        "id": "7616ff60-a18f-4663-9824-b889aa01c8ce",
        "name": "T1588"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Israel"
      },
      {
        "id": "",
        "name": "Energy"
      },
      {
        "id": "",
        "name": "Finance"
      },
      {
        "id": "",
        "name": "Telecommunications"
      },
      {
        "id": "",
        "name": "Technology"
      },
      {
        "id": "",
        "name": "Defense"
      },
      {
        "id": "",
        "name": "Healthcare"
      },
      {
        "id": "",
        "name": "Transportation"
      },
      {
        "id": "",
        "name": "Government"
      },
      {
        "id": "",
        "name": "api.ra-backup.com"
      }
    ]
  },
  "external_refs": [
    "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/",
    "https://otx.alienvault.com/pulse/69a68230a0f1fa4ed0ab3ac6"
  ]
}