February 2026 witnessed an alarming surge in cybersecurity threats, including advanced phishing scams, financial frauds, and state-sponsored cyberattacks. This report delves into the evolving tactics of cybercriminals and the global response to these growing threats.
State-Sponsored Cyberattacks and Critical Infrastructure Threats
February 2026 saw one of the most aggressive cyber offensives in history, targeting Iran’s digital infrastructure amid geopolitical tensions. The attack, reportedly linked to Israel’s ‘Operation Roar of the Lion,’ crippled Iran’s communications, propaganda outlets, and critical systems, demonstrating the destructive potential of cyber warfare.
On February 28, 2026, Iran experienced an unprecedented cyberattack that reduced national internet connectivity to 4% of normal traffic, according to NetBlocks. The assault disrupted the Islamic Revolutionary Guard Corps (IRGC) communications, state news agencies (IRNA, Tasnim), and local government services across Tehran, Isfahan, and Shiraz.
Key tactics included:
- DDoS and Electronic Warfare: Overwhelming Iran’s ‘national internet’ and jamming navigation/communication systems to hinder counterattacks.
- Propaganda Hijacking: Hackers defaced IRGC-affiliated sites with anti-regime messages and aired subversive content via hacked satellite broadcasts.
- Infrastructure Sabotage: Targeting energy and aviation systems to exacerbate chaos during the physical strikes of ‘Operation Roar of the Lion.’
Western intelligence sources noted the attack’s goal was to disrupt Iran’s ability to launch drones and missiles, leaving the regime isolated during the crisis. The scale and coordination of the offensive marked a new era in cyber warfare, blending kinetic and digital strategies.
Emerging Attack Vectors and DNS Abuse
Cybercriminals continued to innovate, exploiting lesser-known infrastructure vulnerabilities to bypass traditional defenses. A standout example was the abuse of the .arpa domain space, reserved for internet infrastructure, to host phishing campaigns.
Infoblox Threat Intel uncovered a novel phishing method where attackers abused reverse DNS records in the .arpa top-level domain (TLD) to host malicious content. Unlike conventional domains (e.g., .com), .arpa is designed for IP-to-domain mapping, not web hosting. Threat actors exploited a loophole in DNS providers’ controls to create IPv6 tunnels, acquire large blocks of IP addresses to evade detection, and host phishing sites using reverse DNS records to deliver spam emails impersonating major brands, luring victims with ‘free gifts.’
Dr. Renée Burton, VP of Infoblox Threat Intel, warned that such abuses ‘weaponize the core of the internet’, urging defenders to monitor DNS infrastructure more rigorously. The campaign highlights the need for proactive defense strategies and for DNS-level visibility to detect anomalies in non-standard domains.
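One way to get the DNS-level visibility described above is to flag any lookup or link that treats a reverse-DNS name (under in-addr.arpa or ip6.arpa) as a web host. This is an added example, not code from Infoblox or from this report; the four-field log format, the function names and the sample data are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

REVERSE_ZONES = (".in-addr.arpa", ".ip6.arpa")
# Query types that mean a client is resolving the name as a host to connect to.
# PTR, NS, SOA, DS and DNSKEY are the expected traffic for reverse zones.
HOST_QTYPES = {"A", "AAAA", "HTTPS"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def in_reverse_zone(name):
    """True if the name sits under a reverse-DNS zone."""
    return name.rstrip(".").lower().endswith(REVERSE_ZONES)

def suspicious_queries(log_lines):
    """Return (client, qname, qtype) for host-style lookups of reverse-DNS names.
    Assumed log format: '<timestamp> <client-ip> <qname> <qtype>'."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed format
        _ts, client, qname, qtype = parts
        if in_reverse_zone(qname) and qtype.upper() in HOST_QTYPES:
            hits.append((client, qname.rstrip(".").lower(), qtype.upper()))
    return hits

def arpa_links(message_text):
    """Return URL hostnames in an email body that sit under a reverse-DNS zone."""
    hosts = []
    for url in URL_RE.findall(message_text):
        host = urlsplit(url).hostname or ""
        if in_reverse_zone(host):
            hosts.append(host)
    return hosts

# Constructed sample data, built from documentation-reserved addresses.
REV4 = ipaddress.ip_address("192.0.2.10").reverse_pointer
REV6 = ipaddress.ip_address("2001:db8::1").reverse_pointer
SAMPLE_LOG = [
    f"2026-02-10T09:00:01Z 10.0.0.5 {REV4} PTR",    # normal reverse lookup
    f"2026-02-10T09:00:02Z 10.0.0.7 {REV6} A",      # reverse name used as a host
    "2026-02-10T09:00:03Z 10.0.0.7 www.example.com A",
    f"2026-02-10T09:00:04Z 10.0.0.9 {REV6}. AAAA",  # same, fully qualified
]
SAMPLE_MAIL = f"Claim your free gift: http://{REV6}/gift or https://www.example.com/"

if __name__ == "__main__":
    print(suspicious_queries(SAMPLE_LOG))
    print(arpa_links(SAMPLE_MAIL))
```
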
Law Enforcement and Cybercrime Crackdowns
Authorities intensified efforts to dismantle cybercrime networks, with significant arrests and investigations into mule accounts and financial fraud.
A multi-state operation in India led to the arrest of 13 individuals linked to a sophisticated fraud syndicate. Investigators uncovered thousands of ‘mule’ bank accounts used to launder money from phishing, online scams, and identity theft. Bank officials are under scrutiny for potential complicity in opening or managing these accounts. The crackdown follows months of surveillance, with seized documents and devices pointing to fraud worth crores of rupees. Cybersecurity experts emphasized the role of weak KYC norms in enabling such schemes. Lack of stringent KYC norms in banking sectors has been a longstanding issue, allowing fraudsters to exploit loopholes for illicit activities. Law enforcement agencies are stepping up efforts to tighten regulations and enhance monitoring systems to curb such activities. Additionally, the use of advanced AI technologies in tracking financial transactions is being explored to detect and prevent fraudulent activities more effectively.
Final words
February 2026’s cybersecurity landscape highlighted the evolving sophistication of phishing scams, the destructive potential of state-sponsored cyber warfare, and the innovative use of non-traditional attack vectors. While law enforcement efforts are intensifying, significant gaps remain in KYC norms and DNS security. The integration of AI in cybersecurity operations shows promise, but requires careful human oversight. As cyber threats continue to evolve, proactive defense, collaboration, and adaptive strategies will be crucial.
