Kuwait absorbed 28% of the regional attack claims. Israel followed at 27.1%. Jordan at 21.5%. Those three numbers explain where the digital pressure concentrated after the U.S.-Israel military campaign against Iran — codenamed Epic Fury and Roaring Lion — triggered a surge of retaliatory hacktivist activity across the Middle East and beyond.
Between February 28 and March 2, 2026, cybersecurity firm Radware recorded 149 distributed denial-of-service claims targeting 110 distinct organizations across 16 countries. Twelve groups carried out the attacks. Three of them — Keymous+, DieNet, and NoName057(16) — accounted for 74.6% of all activity. According to the report, just two groups, Keymous+ and DieNet, drove “nearly 70% of all attack activity” during that window alone.
The first strike came on February 28, launched by Hider Nex, also known as Tunisian Maskers Cyber Force. According to details from Orange Cyberdefense, the group is a Tunisian hacktivist collective that supports pro-Palestinian causes and emerged in mid-2025. It combines DDoS attacks with data breaches to leak sensitive information alongside its disruption campaigns.
Where the Attacks Landed
Of the 149 total claims, 107 targeted organizations in the Middle East, with a clear tilt toward public infrastructure and state-level targets. Europe absorbed 22.8% of global attack activity during the same period. By sector, nearly 47.8% of all targeted organizations belonged to government, followed by finance at 11.9% and telecommunications at 6.7%.
“The digital front is expanding alongside the physical one in the region, with hacktivist groups simultaneously targeting more nations in the Middle East than ever before,” Radware said in its Tuesday report.
Beyond the three dominant groups, operations were also attributed to Nation of Saviors, the Conquerors Electronic Army, Sylhet Gang, 313 Team, Handala Hack, APT Iran, Cyber Islamic Resistance, Dark Storm Team, the FAD Team, Evil Markhors, and PalachPro, per data from Flashpoint, Palo Alto Networks Unit 42, and Radware.
More Read
Iran’s Broader Cyber Calculus
Cynthia Kaiser, ransomware research center SVP at Halcyon and former Deputy Assistant Director with the FBI‘s Cyber Division, wrote on LinkedIn that Iran has a documented history of using cyber operations against “perceived political slights,” and that these activities have increasingly incorporated ransomware. “Tehran has long preferred to turn a blind, or at least indifferent, eye to private cyber operations against targets in the US, Israel, and other allied countries,” she said. “Having access to cyber criminals gives the government options.”
Kaiser assessed that Iran is likely to activate cyber actors if it believes “their operations can deliver a meaningful retaliatory impact” in response to U.S. and Israeli military actions.
SentinelOne said it has assessed with high confidence that organizations in Israel, the U.S., and allied nations face direct or indirect targeting risk, particularly across government, critical infrastructure, defense, financial services, academic, and media sectors. Nozomi Networks added that Iranian threat actors have “historically demonstrated a willingness to blend espionage, disruption, and psychological impact operations,” and that such operations “often intensify” in periods of instability, reaching targets “far beyond the immediate conflict zone.”
Photo by Pixabay
This article is a curated summary based on third-party sources. Source: Read the original article
