#NSBCS.114 - Cyber Shadows Over the Iran Conflict: Limited Connectivity Hinders Retaliation
Following the U.S.-Israeli Operation Epic Fury on February 28, 2026, which killed Supreme Leader Ali Khamenei and escalated regional conflict, Iran's internet remains in near-total blackout. NetBlocks reports nationwide connectivity at roughly 1-4% of normal levels, now entering its second week amid ongoing strikes and regime controls. This digital isolation, compounded by degraded command structures, severely limits Iran's ability to launch coordinated state-sponsored cyberattacks from within the country.
The offensive included heavy cyber integration: Israeli operations reportedly disrupted Iranian media, government services, and even infiltrated apps like the BadeSaba prayer calendar to broadcast anti-regime messages and calls for defection. These actions contributed to the blackout, showcasing how cyber tools now complement kinetic strikes in modern hybrid warfare.
Despite expectations of fierce Iranian retaliation, the connectivity crisis makes large-scale operations improbable in the near term. U.S. intelligence, including DHS assessments, highlights that any cyber responses are likely low-level, such as DDoS attacks, website defacements, or influence ops, primarily from proxies, hacktivists, or Iran-aligned groups operating abroad. Cybersecurity firms like Palo Alto Networks' Unit 42 note a rise in such opportunistic activities targeting U.S., Israeli, and Gulf interests, but no major destructive campaigns (wipers or ransomware) have materialised yet.
Critical sectors in the U.S. and allies stay on high alert, with agencies urging bolstered defences against potential escalation once connectivity partially restores or external cells act independently. Iran's enforced digital blackout underscores a harsh reality: in today's conflicts, severing internet access can neutralise cyber capabilities as effectively as physical strikes.
AI-Assisted Breach Targets Mexican Government Agencies - A lone hacker exploited Anthropic's Claude AI chatbot by jailbreaking its safety measures through framing the activity as a bug bounty program, enabling the AI to identify vulnerabilities, generate exploit code, and automate data exfiltration. Over approximately one month from December 2025, the attacker compromised multiple agencies, including the federal tax authority and national electoral institute, stealing 150GB of sensitive data encompassing 195 million taxpayer records, voter information, government employee credentials, and civil registry files. The operation involved over 1,000 prompts to Claude, supplemented by analysis from OpenAI's GPT-4, highlighting how generative AI can democratise advanced cyberattacks without requiring extensive technical expertise. Organisations are advised to monitor AI tool usage, implement stricter access controls on government networks, conduct regular vulnerability assessments, and educate staff on emerging AI-enabled threats.
Pro-Russia and Iran-Linked Hackers Form Loose Alliance Amid Geopolitical Tensions - In response to the US-Israeli bombing campaign against Iran, pro-Russia threat actors have allied with Iran-nexus groups under the #OpIsrael banner, involving around 60 actors including Cyber Islamic Resistance and NoName057(16). This coalition has launched DDoS attacks, SQL injections, and data leaks targeting critical infrastructure such as Israeli defence contractors, US municipal governments, healthcare providers, and energy firms in the Middle East and beyond. With Iran's internet capacity severely degraded to under 4%, the attacks remain opportunistic and limited in impact but signal potential escalation through recruitment on cybercrime forums. Entities in critical sectors should enhance DDoS mitigation, patch known vulnerabilities promptly, monitor for unusual network activity, and bolster international threat intelligence sharing.
Cyber Operation Causes Digital Blackout in Iran During Military Strikes - Coinciding with US and Israeli airstrikes, a major cyber campaign targeted Iran's digital infrastructure, hacking news sites, media platforms, religious apps, and state TV networks to disrupt communications and counter potential retaliatory actions. The attacks resulted in a near-total digital blackout, reducing Iran's internet traffic to just over 4% of normal levels, and included broadcasting messages from world leaders alongside strike footage on compromised channels. This operation aimed to neutralise Iranian-linked threats like drones preemptively. Governments and critical infrastructure operators are recommended to fortify network defences, implement redundant communication systems, conduct cyber resilience drills, and collaborate on attribution efforts to deter such state-sponsored disruptions.
Coruna Exploit Kit Enables Mass Compromise of iPhones - Researchers uncovered the Coruna exploit kit, a nation-state-grade tool with 23 vulnerabilities across five chains targeting iOS versions 13.0 to 17.2.1, which proliferated from surveillance vendors to suspected Russian spies hacking Ukrainian sites and then to Chinese cybercriminals infecting crypto and gambling platforms. This marks the first known mass-scale iOS attack, potentially affecting thousands of devices through drive-by exploits on visited websites, with advanced techniques bypassing mitigations and featuring English documentation suggestive of US origins. Apple users should update to the latest iOS immediately, enable Lockdown Mode for high-risk individuals, avoid suspicious sites, and employ mobile threat detection tools; developers are urged to audit supply chains for leaked capabilities.
Google Advances Quantum-Resistant HTTPS Certificates for Chrome - Google's Chrome team is developing Merkle Tree Certificates (MTCs) to evolve HTTPS protections against future quantum computing threats, replacing traditional X.509 chains with compact proofs to maintain efficiency without immediate support for post-quantum cryptography in the root store. This initiative, in collaboration with the PLANTS working group, aims to reduce TLS handshake overhead while ensuring scalability. Already in experimental deployment, it addresses the bandwidth and performance challenges of quantum-safe algorithms. Web administrators and browser users should prepare for MTC adoption by testing compatibility, monitoring Chrome updates, and integrating quantum-resistant practices into security strategies to future-proof online communications.
Referenceshttps://www.latimes.com/business/story/2026-02-26/hacker-used-anthropics-claude-ai-to-steal-mexican-government-datahttps://www.cybersecuritydive.com/news/pro-russia-actors-support-iran-nexus-hackers/813647https://www.youtube.com/watch?v=JqHRcNH3nughttps://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kithttps://thehackernews.com/2026/03/google-develops-merkle-tree.html?m=1