Following U.S. and Israeli airstrikes on Iran in late February 2026, more than 60 pro-Iranian hacktivist groups mobilized on Telegram within hours, joining established nation-state actors in targeting U.S., Israeli, and regional critical infrastructure. CloudSEK researchers warn that AI has dramatically lowered the technical barrier for attacking internet-exposed ICS/OT systems — over 40,000 in the U.S. alone — by making knowledge of industrial protocols and default credentials accessible to anyone. Nation-state groups like Seedworm/MuddyWater and CyberAv3ngers remain active, while Russian actor NoName057 has also joined the effort. The researchers describe this as the largest single-event activation of Iranian-aligned cyber actors ever documented, with AI enabling hacktivists to replicate tactics previously limited to well-resourced state actors.
Table of contents
10-Plus Years in the MakingAI Comes into PlayDoD, Anthropic, and OpenAINation-State Actors at WorkSort: