Following the U.S. Operation Epic Fury and Israel’s Operation Roaring Lion on February 28, Unit 42 reports a multi-vector retaliatory cyber campaign by state-aligned actors and global hacktivist collectives is escalating across the digital battlefield. Connectivity inside Iran has plunged to 1–4%, likely limiting in-country state actor operations while dispersed groups like Handala and Russian Legion claim disruptive strikes — including alleged intrusions into IDF networks and Israel’s Iron Dome — raising risks to high-value targets and supply chains. #Handala #IronDome
Keypoints
- Unit 42 identifies a multi-vector retaliatory cyber campaign triggered by Operation Epic Fury and Operation Roaring Lion.
- Iran’s internet connectivity has dropped to 1–4%, limiting near-term capabilities of in-country state-aligned threat actors.
- State-aligned units may operate in operational isolation, enabling autonomous cells outside the region to continue attacks.
- Hacktivist groups Handala, Russian Legion, and NoName057(16) claim notable breaches, including alleged access to IDF networks and Iron Dome systems.
- Experts warn campaigns may pivot to high-value targets, supply chains, and critical infrastructure, and organizations should remain on high alert.