Following the February 28, 2026 U.S.-Israeli Operation Epic Fury targeting Iran, approximately 60 hacktivist groups have been activated and Iranian state-aligned cyber units are escalating attacks. Active campaigns include SMS/phishing delivering RedAlert APK malware, DDoS attacks, data exfiltration, and early wiper deployments. Iranian APT groups MuddyWater, APT35/Charming Kitten, and OilRig/APT34 remain operationally active with evolving toolsets including newer malware families RustyWater and WezRAT. AttackIQ has released an assessment template covering Iranian adversary payload samples to help organizations validate their defenses. Organizations in energy, government, defense, financial services, and critical infrastructure are urged to deploy the assessment immediately, as the window between geopolitical escalation and retaliatory cyber operations is measured in days.