The convergence of cyber warfare with electronic and psychological tactics has reached a critical juncture in the Middle East, as a hypothetical conflict beginning on February 28, 2026, demonstrates. Following a joint US-Israeli military operation that initiated strikes inside Iran, the conflict rapidly expanded into the digital realm. Iran retaliated with ballistic missile and drone strikes targeting multiple regional nations. Hacktivist groups from both sides mobilized almost instantaneously, launching coordinated assaults on critical infrastructure, military logistics, and governmental systems, marking an unprecedented fusion of physical and cyber warfare.
The intensity and scope of these operations underscore the evolving nature of modern conflict. Within hours of the initial physical strikes, Iranian-aligned cyber groups initiated widespread distributed denial-of-service (DDoS) campaigns, website defacements, data theft, and data-wiping operations against United States, Israeli, and Gulf Cooperation Council (GCC) targets. These activities were coordinated by a network known as the Islamic Resilience Cyber Axis, which had been developing its capabilities between 2024 and 2025, with its Electronic Operations Room centralizing malicious cyber efforts. Pro-Western hacktivists mirrored these actions, targeting Iranian news outlets, religious applications, and government portals, thus amplifying the digital battleground.
Iran-Linked Cyber Campaigns Converge With Electronic and Psychological Warfare
According to analysis from Resecurity, a sharp escalation was observed by several Iran-linked threat actors. The newly emerged Cyber Isnaad Front, for instance, published a list of individuals targeted across various industries in Israel. On March 11, 2026, the Handala Hack Team, identified by Resecurity as a significant player, claimed responsibility for a cyberattack against Stryker Corporation, a US-based medical technology firm. This attack reportedly disrupted the company’s global network and resulted in the exfiltration of substantial sensitive data, which Handala stated was in retaliation for an earlier missile strike on a school in Minab, Iran.
These cyber operations were characterized by deliberate targeting and strategic exploitation. Iranian-aligned actors utilized stolen credentials, gathered through infostealer malware, to access web panels and applications, with a particular focus on energy infrastructure in Jordan. Concurrently, hacktivists actively scanned Israeli network ranges for vulnerable Internet of Things (IoT) devices, exploiting known vulnerabilities in Hikvision and Dahua cameras. These include specific CVEs such as CVE-2017-7921, CVE-2021-36260, CVE-2023-6895, and CVE-2025-34067 for Hikvision, and CVE-2021-33044 for Dahua. It is important to note that patches are available for all these identified vulnerabilities, and affected organizations are strongly advised to apply them immediately to mitigate risks.
The broader cyber campaign also impacted networks beyond the immediate conflict zone. Multiple Pakistani television channels, websites, and mobile applications were affected, prompting Pakistan’s National Computer Emergency Response Team (CERT) to launch an official inquiry. The physical destruction of at least three Amazon data centers in the UAE and Bahrain by Iranian drone strikes further compounded the digital disruptions. Meanwhile, the IRGC’s Cyber Warfare headquarters in eastern Tehran was reported to have been bombed, potentially hindering Iran’s capacity for centralized cyber warfare coordination and pushing more operations toward external proxy actors.
Electronic Warfare and GPS Spoofing: A Hidden Battlefield
The hypothetical 2026 Iran conflict generated what is believed to be the most extensive GPS spoofing and jamming campaign ever documented in a military engagement. Operating as a less visible but highly impactful layer beneath overt physical attacks, this electronic warfare component caused significant disruption. Within just 24 hours of the initial US-Israeli operations, over 1,100 commercial vessels in UAE, Qatari, Omani, and Iranian waters reported navigation failures, with their systems falsely placing them at inland locations, a hallmark of active GPS spoofing.
Iran’s state forces and affiliated groups deployed advanced electronic warfare systems across the Persian Gulf, the Strait of Hormuz, and regional airspace. This created widespread navigational confusion for both civilian and military assets operating within the theater. Data from Windward indicated a rapid escalation, with 21 new jamming clusters appearing on the first day of the conflict, rising to 38 the following day. Lloyd’s List Intelligence documented 1,735 GPS interference events affecting 655 vessels in the first week, with daily incidents nearly doubling. By March 7, 2026, over 1,650 vessels had experienced GPS interference, marking a 55 percent increase from the previous week.
Resecurity analysts highlighted the considerable risks posed by GNSS and GPS spoofing to operational technology (OT) environments. Industrial control systems and digital services that rely on precise geolocation data are particularly vulnerable. Organizations in affected regions are strongly advised to implement redundant navigation systems, reduce their reliance on single-source GPS data, and conduct thorough audits of any geolocation-dependent industrial processes. Prioritizing the monitoring of anomalous position data across maritime and aviation platforms is a critical defensive measure in the current environment.
The ongoing evolution of these multifaceted conflict strategies suggests that future engagements will likely involve a more integrated and sophisticated application of cyber, electronic, and psychological warfare tactics. The ability of nations and non-state actors to leverage these domains in concert presents a growing challenge to traditional defense paradigms. International bodies and cybersecurity firms will likely continue to monitor these trends, working to develop more robust defenses and response mechanisms against such hybrid threats.