A sharp spike in hacktivist activity has emerged in the wake of the joint U.S.-Israel attacks, code-named Epic Fury and Roaring Lion, targeting Iran. These attacks have triggered a series of retaliatory campaigns from hacktivist groups, raising serious concerns across the cybersecurity community. Radware, a cybersecurity research firm, published findings on the matter, highlighting just how concentrated and organized the threat landscape has become in a short period of time.
Two Groups Are Driving the Majority of Attacks
According to Radware’s findings, the surge in retaliatory hacktivist activity in the Middle East is highly lopsided. Two groups, Keymous+ and DieNet, are responsible for driving nearly 70% of all attack activity recorded between February 28 and March 2. This figure highlights the concentrated power and influence these groups hold within the ongoing cyber conflict. Their operations are not random acts of protest: they are deliberate, coordinated, and directly tied to the geopolitical tensions fueled by the military campaigns.
The coordinated military efforts between the United States and Israel have served as a clear catalyst for a measurable uptick in hacktivist operations, particularly targeting entities with perceived ties to either nation. Researchers note that these groups are motivated by political dissent and are using cyber operations as a form of asymmetric retaliation.
Tactical Approaches Used by These Groups
The methods employed by Keymous+ and DieNet, as well as other affiliated hacktivist actors, tend to focus on disruption and symbolic resistance. Commonly observed tactics include:
- Distributed Denial-of-Service (DDoS) attacks designed to take down websites and digital services.
- Web defacement campaigns used to spread political messaging or propaganda.
- Data leaks intended to publicly embarrass or discredit targeted governments and organizations.
These tactics, while not always technically sophisticated, can cause significant operational disruption and reputational damage, particularly when coordinated across multiple targets simultaneously.
Recommended Cybersecurity Measures for At-Risk Organizations
Organizations with geopolitical ties to the ongoing conflict, or those operating critical infrastructure in the region, are strongly advised to reinforce their cyber defenses in anticipation of further escalation. Key steps include:
- Increased monitoring of network traffic to detect anomalies and potential intrusion attempts early.
- Regular employee training to identify phishing attempts and social engineering tactics commonly used to gain initial access.
- Consistent patching cycles to close known vulnerabilities before threat actors can take advantage of them.
The urgency around these measures has grown considerably as hacktivist threats continue to increase in both frequency and coordination, directly reflecting the geopolitical tensions playing out across the Middle East.
