U.S. and Israeli strikes on Iran’s military infrastructure in late February 2026 triggered a rapid counter-mobilization by over 60 Iranian-aligned cyber groups, escalating AI-enhanced attacks on corporate targets.
Attack Tactics
These hackers, including Void Manticore (Handala) and 313 Team, used “no-malware” methods like hijacking Microsoft Intune to wipe Stryker’s devices, alongside ransomware, DDoS, and data-wiper operations aimed at eroding trust rather than theft. UK, Canada, Europol, and DHS issued heightened alerts, while Iran’s proxies claimed disruptions like shutting down the British Army site and linking cyber recon to physical strikes.
AI’s Role
AI tools from Palantir and U.S. systems enabled precise allied airstrikes, but lowered barriers for adversaries—allowing quick scans of vulnerable industrial controls and credentials. This democratizes sophisticated attacks, blending cyber with physical disruptions like UAE oil hub drones and Baghdad embassy assaults.
Business Risks
CISA faces staffing shortages amid shutdowns; Iran’s leadership losses spur decentralized proxy actions. CEOs must prepare for hybrid threats hitting supply chains, with Trump alleging Iranian AI disinformation. No firewall suffices—expect ongoing enterprise-scale psychological ops.
