Threat Intelligence

Mapping Hacktivist Cyber Operations in the Iran–Israel–US Geopolitical Conflict

Executive Summary

The escalation of geopolitical tensions involving Iran, Israel, and the United States has been accompanied by a surge in hacktivist cyber operations targeting government institutions, financial platforms, infrastructure organizations, and private companies across multiple regions. Several ideologically aligned cyber groups have publicly claimed responsibility for disruptive attacks including Distributed Denial of Service (DDoS) campaigns, website defacements, and data leaks.

Many of these operations have been announced through messaging platforms and underground forums where attackers publish monitoring links, screenshots, and alleged proof of compromise. While several claims remain unverified, the scale and frequency of announcements indicate a coordinated wave of hacktivist activity attempting to influence the cyber domain during the ongoing geopolitical conflict.

Most of the reported operations focus on Israeli organizations and countries perceived as political allies, including Bahrain, Qatar, and Azerbaijan. However, isolated incidents also indicate cyber activity targeting Iranian entities, highlighting the multidirectional nature of cyber operations during geopolitical conflicts.

Overview of Reported Cyber Operations

The following table summarizes the hacktivist operations linked to the ongoing geopolitical tensions involving Iran, Israel, and Western allies. The incidents were primarily announced through messaging platforms and underground forums where threat actors shared claims of responsibility and alleged proof-of-compromise.

| Hacktivist Actor | Claimed Affiliation | Victim Country | Target Type | Activity |
|---|---|---|---|---|
| Cyber Jihad Movement | Iran-aligned | US, Israel, India, Pakistan, Arab states | Government & Financial | Public call for global cyber attacks |
| Anonymous Syria Hackers | Israel-aligned | Iran | E-commerce Platform | Database breach claim |
| DarkStorm Team | Pro-Iran hacktivist | Israel | Government & Financial | DDoS attacks |
| Hider_Nex | Iran-aligned | Bahrain | Government & Energy | Website disruptions |
| 404 Crew Cyber Team | Pro-Iran hacktivist | Israel | Government & Personal Data | Data leak |
| Nation of Saviors Alliance | Pro-Iran hacktivist | Israel | Telecom & Private Sector | DDoS attacks |
| Z-BL4CX-H4T | Hacktivist actor | Israel | Website | Defacement |
| Cyb3r Drag0nz Kurdish | Kurdish hacktivist group | Israel | Legal sector | Website defacement |
| Cyb3r Drag0nz Kurdish | Kurdish hacktivist group | Qatar | Private companies | Defacement & alleged data leak |
| DieNet | Pro-Iran hacktivist | Qatar | Government portals | DDoS attacks |
| DieNet | Pro-Iran hacktivist | Azerbaijan | Government | Threat announcement |
| 313 Team | Islamic Cyber Resistance | Bahrain | Government portals | DDoS attacks |

Key Observations

  • Israel is the most frequently targeted country in the reported campaigns.
  • Government and public-sector infrastructure appear to be the primary targets.
  • DDoS attacks remain the most commonly claimed attack method.
  • Several campaigns extend beyond Israel to regional allies including Bahrain, Qatar, and Azerbaijan, indicating potential cyber spillover.

Reported Hacktivist Cyber Operations

Global Cyber Campaign Call by Cyber Jihad Movement

Attacker (Claimed Affiliation): Iran-aligned hacktivist collective – Cyber Jihad Movement
Victim Countries: United States, Israel, Pakistan, India, and allied Arab governments
Activity: Public call for coordinated cyber attacks

The group released a public message encouraging supporters to participate in cyber attacks targeting government institutions, financial organizations, and businesses across multiple countries. The statement framed the campaign as part of a broader ideological cyber initiative against Western and allied governments.

While the announcement itself does not confirm operational activity, such calls often serve as catalysts for hacktivist campaigns coordinated across multiple actor groups.

 

Database Breach Claim Targeting Iranian E-Commerce Platform

Attacker: Anonymous Syria Hackers
Victim Country: Iran
Activity: Alleged database breach and data leak

The hacktivist group claimed to have compromised the database of an Iranian e-commerce website. According to the announcement, the dataset allegedly contains user account information including email addresses and login credentials with passwords hashed using bcrypt.

The group later posted the dataset on a darknet forum where users were required to interact with the post to unlock the download link.

DDoS Campaign Targeting Israeli Government and Financial Platforms

Attacker (Claimed Affiliation): Pro-Iran hacktivist collective – DarkStorm Team
Victim Country: Israel
Activity: Distributed Denial of Service attacks against government and financial services

The group claimed responsibility for launching DDoS attacks against multiple Israeli organizations, including the Prime Minister’s Office, government ministries, and the financial platform MAX. Monitoring links shared by the group suggested temporary service disruptions affecting several websites.

Cyber Attacks Targeting Bahraini Government and Media Platforms

Attacker (Claimed Affiliation): Iran-aligned hacktivist actor – Hider_Nex
Victim Country: Bahrain
Activity: Website disruptions targeting government and media platforms

The group claimed attacks against several Bahraini organizations including the Telecommunications Regulatory Authority, Tatweer Petroleum, and the Bahrain News Agency. Screenshots shared by the attackers suggested temporary outages affecting targeted websites.

Alleged Data Leak of Israeli Personal and Government Records

Attacker (Claimed Affiliation): Pro-Iran hacktivist collective – 404 Crew Cyber Team
Victim Country: Israel
Activity: Data leak associated with the #OpIsrael cyber campaign

The group claimed to have leaked Israeli personal documents including passports and birth certificates belonging to approximately 120 individuals. The dataset allegedly also includes information associated with Israeli government entities, including the Ministry of Defense. The files were reportedly distributed through downloadable archives and torrent links.

DDoS Attacks Targeting Israeli Organizations

Attacker (Claimed Affiliation): Nation of Saviors Alliance
Victim Country: Israel
Activity: Distributed Denial of Service attacks targeting private sector and telecommunications platforms

The group claimed cyber attacks targeting organizations including Bezeq Communications, SEKO Logistics, the Israel Deaf Sports Organization, and the Association of Americans and Canadians in Israel (AACI). Monitoring screenshots suggested temporary disruptions affecting several websites.

Website Defacement Targeting Israeli Website

Attacker: Z-BL4CX-H4T
Victim Country: Israel
Activity: Website defacement and propaganda messaging

The threat actor claimed responsibility for defacing an Israeli website by replacing the homepage with political messaging and symbolic imagery associated with pro-Palestinian cyber campaigns. The announcement also referenced several affiliated hacktivist groups.

Defacement of Israeli Law Firm Website

Attacker (Claimed Affiliation): Cyb3r Drag0nz Kurdish
Victim Country: Israel
Activity: Website defacement

The group claimed to have compromised and defaced the website of an Israeli law firm. The attackers replaced the webpage with messaging supporting pro-Palestinian cyber operations and referenced several allied hacktivist groups.

Cyber Attacks Targeting Qatari Companies

Attacker (Claimed Affiliation): Cyb3r Drag0nz Kurdish
Victim Country: Qatar
Activity: Website defacement and alleged data leak

The group announced cyber attacks targeting companies including Seedeco and the Al Emadi Group of Companies. The attackers claimed to have defaced websites and released company-related data through download links shared on their Telegram channel.

Cyber Attacks Against Qatari Government Platforms

Attacker (Claimed Affiliation): DieNet
Victim Country: Qatar
Activity: Distributed Denial of Service attacks targeting government websites

The group claimed cyber attacks against multiple government platforms including the Ministry of Interior, Ministry of Labor, the Hukoomi eGovernment portal, and the General Authority of Customs. The attackers stated that the campaign caused temporary disruptions across several services.

Threats Against Azerbaijani Government Platforms

Attacker (Claimed Affiliation): DieNet
Victim Country: Azerbaijan
Activity: Threat announcement for upcoming cyber attacks

The group publicly announced plans to target Azerbaijani government websites in response to Azerbaijan’s cooperation with Israel and the United States in military and intelligence matters.

Cyber Attacks Targeting Bahraini Government Websites

Attacker (Claimed Affiliation): 313 Team – Islamic Cyber Resistance in Iraq
Victim Country: Bahrain
Activity: Distributed Denial of Service attacks against government portals

The group claimed cyber attacks targeting several Bahraini government platforms including the Prime Minister’s Office and the Ministry of Foreign Affairs. The campaign allegedly caused service disruptions across several official websites.

Strategic Implications

The observed cyber activity highlights how hacktivist groups increasingly participate in geopolitical conflicts through disruptive cyber operations. These actors often operate as loosely coordinated cyber collectives, leveraging messaging platforms to mobilize supporters and publicize claimed attacks.

Although many of the reported incidents appear to involve low to moderate technical sophistication, their cumulative impact can still generate service disruptions, reputational damage, and geopolitical signaling. The broad geographic scope of targeting also demonstrates the growing risk of cyber spillover during regional conflicts.

Conclusion

The cyber campaigns linked to the Iran–Israel–US geopolitical tensions illustrate how modern conflicts increasingly extend into the digital domain. Hacktivist collectives have emerged as visible participants in these campaigns, using disruptive cyber attacks and public data leaks to amplify ideological narratives and demonstrate political alignment.

As geopolitical tensions continue to evolve, organizations worldwide should remain vigilant against opportunistic cyber attacks conducted by ideologically motivated threat actors seeking to exploit international conflicts for political messaging and cyber influence.

Contributors:

 

Siva Prasad Boddu

Rudra Pratap
