{"id":7034,"date":"2026-03-11T14:47:59","date_gmt":"2026-03-11T14:47:59","guid":{"rendered":"https:\/\/sawahsolutions.com\/range\/russia-linked-hackers-appear-on-iran-wars-cyber-front-but-their-impact-is-murky\/"},"modified":"2026-03-11T14:48:00","modified_gmt":"2026-03-11T14:48:00","slug":"russia-linked-hackers-appear-on-iran-wars-cyber-front-but-their-impact-is-murky","status":"publish","type":"post","link":"https:\/\/sawahsolutions.com\/range\/russia-linked-hackers-appear-on-iran-wars-cyber-front-but-their-impact-is-murky\/","title":{"rendered":"Russia-linked hackers appear on Iran war\u2019s cyber front, but their impact is murky"},"content":{"rendered":"<div>\n<p>Apparent Russia-linked hacking collectives backing Iran have been observed joining the cyber activity unfolding alongside the U.S.-Israel war against Iran, though analysts have mixed views on whether their involvement represents a meaningful escalation or little more than online noise.<\/p>\n<p>The outlook on such \u201chacktivist\u201d groups \u2014 hackers who attempt to penetrate systems and steal information for political activism \u2014 comes days after The Washington Post reported that Russia is supplying Iran with intelligence to help target U.S. forces in the Middle East and adds another dimension to the already complex cyber and information environment surrounding the war.<\/p>\n<p>One well-known pro-Russia group dubbed \u201cNoName057(16)\u201d recently claimed massive distributed denial-of-service attacks against Israeli defense contractors and also claimed to have gained full access to the human-machine interfaces of Israeli water management systems, said Kathryn Raines, a cyber threat intelligence team lead at cybersecurity firm Flashpoint. But company analysts have not verified these claims, she said.<\/p>\n<p>Distributed denial-of-service hacks, known colloquially as \u201cDDoS\u201d attacks, overwhelm websites with large amounts of artificial internet traffic to stop legitimate users from accessing them.<\/p>\n<p>CrowdStrike has similarly observed a surge in pro-Iran hacktivists with ties to Russia. In the first few days after the war broke out on Feb. 28, one Russia-aligned hacktivist group the company dubs \u201cZ-Pentest\u201d claimed responsibility for compromising several U.S.-based entities, said Adam Meyers, the company\u2019s head of counter adversary operations.\u00a0<\/p>\n<p>Those claims are also unverified, though \u201cWestern organizations should continue to remain on high alert for potential cyber response as the conflict continues and activity may move beyond hacktivism and into destructive operations,\u201d he said.<\/p>\n<p>The United States has long supplied Ukraine with intelligence and equipment to strike Russian targets within its borders. Now, as the war unfolds in Iran, Moscow could be seizing its own opportunity for retaliation by aiding Tehran.<\/p>\n<p>\u201cRussia is comfortable providing some proxy support to Iran, or at least taking advantage of an unstable situation,\u201d Cynthia Kaiser, a former deputy director at the FBI\u2019s Cyber Division, said in a LinkedIn post this weekend. \u201cExpect exaggeration, but don&#8217;t dismiss the underlying access. These groups regularly inflate the impact of their attacks for media attention. But they have caused real physical damage to critical infrastructure. Calling their bluff shouldn&#8217;t mean ignoring the threat.\u201d<\/p>\n<p>\u201cRussia has a variety of partner engagements with Iran that could prompt Moscow to get involved in the conflict, particularly if Russia perceives that U.S. military operations dragging out would further pull the White House\u2019s focus from Ukraine,\u201d said Justin Sherman, founder and CEO of Global Cyber Strategies, a Washington, D.C.-based research and advisory firm.<\/p>\n<p>The Kremlin\u2019s vast and complex cyber ecosystem allows it to leverage state elements, hired or coerced cybercriminals and patriotic hackers encouraged by propaganda to pursue its goals, Sherman said, explaining that \u201cone of the benefits of Russia\u2019s cyber web for the state is how the Kremlin can pick and choose its actors and capability sets as it pleases, depending on its needs.\u201d<\/p>\n<p>In a recent case, Russian state-backed groups initiated a massive global campaign targeting the Signal and WhatsApp accounts of officials, military personnel and civil servants, Dutch intelligence said Monday.<\/p>\n<p>But Sherman said that attributing Russian-origin cyber operations is complex, and that analysts should try to examine which parts of Vladimir Putin\u2019s government may have authorized an operation to better understand how Moscow would be aiding Iran in cyberspace.<\/p>\n<p>Some are skeptical that Russia sharing targeting intelligence would translate directly into cyber support for Tehran.<\/p>\n<p>\u201cRussia providing intelligence assistance to the Iranian government to support kinetic strikes, and the idea of Russian cyber actors as implied by the conventional use of the phrase \u2014 i.e., those with a nexus to the Russian state \u2014 \u2018joining the cyber aspect of this conflict\u2019 are two very different things,\u201d said Alex Orleans, a former National Security Council contractor and head of threat intelligence at Sublime Security.<\/p>\n<p>\u201cI have not encountered Russian APTs inserting themselves into a conflict to support a third-party and I\u2019d be surprised if they did now,\u201d he said, referring to \u201cadvanced persistent threat\u201d groups that are typically well-resourced, highly skilled and backed by a nation-state.<\/p>\n<p>Other analysts have not publicly attributed any hacktivist activity to a particular nation.<\/p>\n<p>\u201cWhile we have observed some initial hacktivist groups supporting the Iranian regime, these activities are in the very early stages. There is currently no clear indication that this is being directed by a state actor like Russia or Iran, and it remains difficult to verify,\u201d said John Fokker, vice president of threat intelligence at Trellix. \u201cThat said, in any geopolitical conflict, it is common practice for involved countries to provide aid in various forms.\u201d<\/p>\n<p>Iran\u2019s cyber capabilities have likely diminished in recent days, said Dave DeWalt, CEO of NightDragon, a venture capital firm that manages a portfolio of cybersecurity companies.\u00a0<\/p>\n<p>\u201cWe\u2019ve been monitoring almost every actor and every indicator of compromise that we possibly can, and we&#8217;ve seen next to zero activity \u2026 and that\u2019s largely because we believe that most of their cyber operations have been dismantled physically,\u201d he said in an interview.<\/p>\n<p>Israel\u00a0said last week it destroyed Iran\u2019s cyberwarfare headquarters, though it\u2019s not immediately clear how much effect that\u2019s had on its cyber operations.<\/p>\n<p>\u201cWe\u2019ve seen little activity from [Iran] globally, that doesn\u2019t mean that it\u2019s completely dismantled,\u201d DeWalt said. \u201cI don\u2019t have full confirmation, but I would tell you it certainly looks like no other case I&#8217;ve seen in 20 years, where we\u2019ve seen such silence in the digital world from [Iran].\u201d<\/p>\n<p>Asked about whether China and Russia are sharing capabilities with Iran at this point, he said those nations may be keeping their distance, but there\u2019s possible sharing of satellite, electronic warfare and radar-jamming services. \u201cI would not be surprised at all,\u201d he said.<svg class=\"content-tombstone\">\n<use xlink:href=\"http:\/\/www.defenseone.com\/static\/base\/svg\/spritesheet.svg#icon-d1-logo-tiny\"\/>\n<\/svg><\/p>\n<\/div>\n<p><script>\n!function(f,b,e,v,n,t,s)\n{if(f.fbq)return;n=f.fbq=function(){n.callMethod?\nn.callMethod.apply(n,arguments):n.queue.push(arguments)};\nif(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version='2.0';\nn.queue=[];t=b.createElement(e);t.async=!0;\nt.src=v;s=b.getElementsByTagName(e)[0];\ns.parentNode.insertBefore(t,s)}(window,document,'script',\n'https:\/\/connect.facebook.net\/en_US\/fbevents.js');\nfbq('init', '10155007044873614'); \nfbq('track', 'PageView');\n<\/script><script>\n  window.fbAsyncInit = function() {\n    FB.init({\n      appId      : '1546266055584988',\n      autoLogAppEvents : true,\n      xfbml      : true,\n      version    : 'v2.11'\n    });\n  };\n  (function(d, s, id){\n     var js, fjs = d.getElementsByTagName(s)[0];\n     if (d.getElementById(id)) {return;}\n     js = d.createElement(s); js.id = id;\n     js.src = \"https:\/\/connect.facebook.net\/en_US\/sdk.js\";\n     fjs.parentNode.insertBefore(js, fjs);\n   }(document, 'script', 'facebook-jssdk'));\n<\/script><br \/>\n<br \/>Read the full article <a href=\"https:\/\/www.defenseone.com\/threats\/2026\/03\/russia-linked-hackers-appear-iran-wars-cyber-front-their-impact-murky\/412013\/\" target=\"_blank\" rel=\"nofollow noopener\">here<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Apparent Russia-linked hacking collectives backing Iran have been observed joining the cyber activity unfolding alongside the U.S.-Israel war against Iran, though analysts have mixed views on whether their involvement represents a meaningful escalation or little more than online noise. The outlook on such \u201chacktivist\u201d groups \u2014 hackers who attempt to penetrate systems and steal information<\/p>\n","protected":false},"author":1,"featured_media":7035,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cdn.defenseone.com\/media\/img\/cd\/2026\/03\/10\/031026RussiaNG-1\/open-graph.jpg","fifu_image_alt":"","footnotes":""},"categories":[31],"tags":[],"class_list":["post-7034","post","type-post","status-publish","format-standard","has-post-thumbnail","category-defense"],"_links":{"self":[{"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/posts\/7034","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/comments?post=7034"}],"version-history":[{"count":1,"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/posts\/7034\/revisions"}],"predecessor-version":[{"id":7036,"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/posts\/7034\/revisions\/7036"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/media\/7035"}],"wp:attachment":[{"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/media?parent=7034"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/categories?post=7034"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sawahsolutions.com\/range\/wp-json\/wp\/v2\/tags?post=7034"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}