Saturday, March 14, 2026

Kinetic activity rises: The cybersecurity threat of the Iranian conflict


By Dr. Tim Sandle
SCIENCE EDITOR
DIGITAL JOURNAL
March 10, 2026


How safe are your computer systems? Image by Tim Sandle

Previous reports (including by Digital Journal) have indicated that intense cyberespionage targeting U.S. critical infrastructure is underway, triggered by Iranian intelligence crowdsourcing espionage and other potential attacks via messaging apps. This is based on analysis by Flashpoint, a private provider of threat data and intelligence, which has provided a detailed assessment to Digital Journal. From this, we have captured some of the emerging trends.

Between March 8 and 9, 2026, as the conflict evolved into a highly decentralized phase of hybrid warfare, news media received reports of intense cyberespionage targeting U.S. critical infrastructure, sustained drone and missile barrages against Gulf infrastructure, and the formal consolidation of Iranian leadership.

Timeline of Key Events (March 8-9, 2026)

March 8: According to The Times of Israel reporting, the Israel Defense Forces (IDF) killed Abolghasem Babaeian, the newly appointed military secretary to the Supreme Leader, in a Tehran airstrike executed within 50 minutes of receiving real-time intelligence.

March 8: According to The Guardian reporting, Mojtaba Khamenei is officially chosen as Iran’s new Supreme Leader.

March 8, 22:46 UTC: Hacktivist group “Cyber Islamic Resistance” claims the defacement of the official website for Kurdish Peshmerga special forces. Note: This claim has not been verified.

March 8, 23:23 UTC: Cyber Islamic Resistance claims defacement and control over a Saudi medical care application website. Note: This claim has not been verified.
March 9: According to Al Arabiya reporting, Bahraini water desalination and oil facilities are struck, injuring three and leading to a declaration of force majeure.
March 9: According to X reporting by Arta Moeini PhD, Grand Ayatollah Sistani issues a fatwa declaring a “collective religious obligation” for communal defense.
March 9: According to X reporting by Richard Holmes, UK officials express concern over Iranian intelligence using Telegram to recruit “gig-economy” spies across Europe.
March 9, 11:12 UTC: Pro-Russian group “NoName057(16)” claims distributed denial-of-service (DDoS) attacks against Israeli political parties and defense firm Elbit Systems. Note: This claim has not been verified.
March 9, 12:38 UTC: Hacktivist group “Handala” claims to have wiped Israeli military weather servers and intercepted Jerusalem urban security feeds. Note: This claim has not been verified.
March 9, 15:26 UTC: Reports confirm the MOIS-linked group “MuddyWater” has intruded into US aerospace and defense networks. Note: This claim has been verified based on Infosecurity Magazine reporting.
March 9, 16:06 UTC: The domestic internet blackout in Iran officially enters its sixth day. Note: This claim has been verified based on reporting.

U.S. infiltration

The report finds that state-sponsored actors linked to Iran’s Ministry of Intelligence and Security (MOIS) have successfully infiltrated US aerospace, defence, and aviation networks using a new backdoor. This campaign started in early February and has continued after the US and Israeli military strikes on Iran.

An example is MuddyWater (Seedworm / MOIS): This Iranian state-sponsored group reportedly hacked the networks of several organizations in the United States, including an aerospace and defense contractor, airports, banks, and an NGO. They deployed a new backdoor dubbed “Dindoor,” signed with a certificate issued to “Amy Cherne.” Note: This claim has been verified as TRUE based on Infosecurity Magazine reporting.

European targets

Furthermore, the conflict’s geographic scope has widened; a historic fatwa from Iraq-based Grand Ayatollah Sistani has called for collective defence, while Iranian intelligence is reportedly crowdsourcing espionage and potential attacks across Europe via messaging apps.

According to X reporting by Richard Holmes, Iranian intelligence is using Telegram to recruit a network of proxy spies and criminals across Europe for surveillance and potentially violent attacks, raising significant concerns among UK officials.

In the physical domain, Gulf states have sustained material damage to critical water and oil facilities, driving global oil prices upward. Within Iran, Mojtaba Khamenei has been officially appointed to succeed his father, signalling continuity in the regime’s strategic direction amid a continued nationwide internet blackout.

Mojtaba Khamenei, the second son of the late Ayatollah Ali Khamenei, was officially chosen as Iran’s new Supreme Leader, centralizing command following the initial decapitation strikes.

Israeli targets

Handala has claimed responsibility for breaching critical infrastructure in Israel. The group alleges they wiped military weather servers to disrupt aviation operations and intercepted urban security camera feeds in Jerusalem intended for the Israeli intelligence service, Shabak.

Note: This claim has not been verified.

In addition, Cyber Islamic Resistance (Team 313) has claimed multiple successful cyberattacks and site defacements against regional targets. This includes the official website of the Kurdish Peshmerga special forces in an attempt to warn against supporting anti-regime Kurdish groups. The group also claimed defacements of a Saudi medical care application (smcc[.]sa) and the Saudi University of Business and Technology (staging[.]ubt[.]edu[.]sa).

Note: These claims have not been verified.

Meanwhile, NoName057(16) is said to be continuing operations under the “#OpIsrael” banner. This pro-Russian group claimed DDoS attacks against Israeli political parties (SHAS, Noam); telecommunication companies (Sting TV, Hot Mobile, Expon 018); the municipality of Ariel; and defense contractor Elbit Systems.

Note: These claims have not been verified.
