February 2026 saw a surge in cybersecurity threats, including sophisticated phishing scams, state-sponsored attacks, and emerging attack vectors. This report delves into key incidents and responses, highlighting the evolving tactics of cybercriminals and the measures taken by organizations and governments.
A Deep Dive into February 2026 Cybersecurity Incidents: From Phishing Scams to State-Sponsored Cyberattacks
Phishing scams remained a dominant threat in February 2026, with attackers leveraging fake messages and psychological manipulation to defraud individuals and organizations. Two notable cases underscored the scale and creativity of these campaigns:
- Mahanagar Gas Limited (MGL) Warns Customers Against Cyber Fraud: MGL issued a public advisory warning customers about fraudulent SMS and WhatsApp messages impersonating company officials. The scammers sent fake gas bill updates and disconnection threats, coercing victims into clicking malicious links or downloading APK files designed to steal personal and financial data. MGL clarified that its representatives never request bank details, OTPs, or APK downloads via unsolicited messages. Customers were urged to verify suspicious communications through MGL’s official channels, including its verified WhatsApp number (+91 9899203843) and helplines (022-68674500, 022-61564500). Despite ongoing awareness campaigns, some consumers fell victim to these scams, emphasizing the need for heightened vigilance. MGL’s advisory aligns with broader trends of utility-based phishing, where attackers exploit essential services to pressure victims into compliance. Reference: MGL Advisory (Mid-Day).
- Rise of ‘E-Challan’ SMS Phishing Scams: The Indian Cyber Crime Coordination Centre (I4C) alerted citizens to a surge in phishing scams involving fraudulent ‘e-challan’ SMS messages. Victims received texts mimicking official notifications from the M-Parivahan portal, threatening fines unless they visited fake websites to ‘settle’ violations. These sites harvested sensitive data, including payment details. The I4C advised verifying all traffic-related communications through official government channels. Reference: I4C Alert (Inshorts).
- Pune Businessman Defrauded of ₹4.97 Crore in Investment Scam: A 50-year-old Pune businessman lost ₹4.97 crore to cyber fraudsters who lured him with promises of 6% monthly returns on investments in a fictitious Ahmedabad-based company, ‘Pheonix Infinity Private Limited.’ Over 13 months (January 2025–February 2026), the victim transferred funds to multiple accounts controlled by scammers posing as company officials. The Pimpri-Chinchwad police registered an FIR under the Bharatiya Nyaya Sanhita (BNS) and IT Act, suspecting the use of fake identities. Investigations are ongoing to trace the mule accounts and collaborators. Reference: Pune Fraud Case (Indian Express).
State-Sponsored Cyberattacks and Critical Infrastructure Threats
February 2026 saw one of the most aggressive cyber offensives in history, targeting Iran’s digital infrastructure amid geopolitical tensions. The attack, reportedly linked to Israel’s ‘Operation Roar of the Lion,’ crippled Iran’s communications, propaganda outlets, and critical systems, demonstrating the destructive potential of cyber warfare.
- Israel’s Cyberattack Plunges Iran into Digital Blackout: On February 28, 2026, Iran experienced an unprecedented cyberattack that reduced national internet connectivity to 4% of normal traffic, according to NetBlocks. The assault disrupted the Islamic Revolutionary Guard Corps (IRGC) communications, state news agencies (IRNA, Tasnim), and local government services across Tehran, Isfahan, and Shiraz. Key tactics included:
  - DDoS and Electronic Warfare: Overwhelming Iran’s ‘national internet’ and jamming navigation/communication systems to hinder counterattacks.
  - Propaganda Hijacking: Hackers defaced IRGC-affiliated sites with anti-regime messages and aired subversive content via hacked satellite broadcasts.
  - Infrastructure Sabotage: Targeting energy and aviation systems to exacerbate chaos during the physical strikes of ‘Operation Roar of the Lion.’
Western intelligence sources noted the attack’s goal was to disrupt Iran’s ability to launch drones and missiles, leaving the regime isolated during the crisis. The scale and coordination of the offensive marked a new era in cyber warfare, blending kinetic and digital strategies. Reference: Israel-Iran Cyberattack (Jerusalem Post).
This attack underscores the evolving complexity of cyber warfare, where digital assaults are integrated into broader military operations. The incident highlights the vulnerability of critical infrastructure and the need for robust cyber defenses.
Emerging Attack Vectors and DNS Abuse
Cybercriminals continued to innovate, exploiting lesser-known infrastructure vulnerabilities to bypass traditional defenses. A standout example was the abuse of the .arpa domain space, reserved for internet infrastructure, to host phishing campaigns.
- Phishing Campaigns Weaponize Reserved .arpa Domain Space: Infoblox Threat Intel uncovered a novel phishing method where attackers abused reverse DNS records in the .arpa top-level domain (TLD) to host malicious content. Unlike conventional domains (e.g., .com), .arpa is designed for IP-to-domain mapping, not web hosting. Threat actors exploited a loophole in DNS providers’ controls to:
  - Create IPv6 Tunnels: Acquiring large blocks of IP addresses to evade detection.
  - Host Phishing Sites: Using reverse DNS records to deliver spam emails impersonating major brands, luring victims with ‘free gifts.’
  - Bypass Security: Traditional defenses often ignore .arpa as a threat surface, allowing attacks to slip through.
Dr. Renée Burton, VP of Infoblox Threat Intel, warned that such abuses ‘weaponize the core of the internet,’ urging defenders to monitor DNS infrastructure more rigorously. The campaign highlights the need for DNS-level visibility to detect anomalies in non-standard domains. Reference: Phishing (MENAFN).
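One way to get the DNS-level visibility described above, as an added example (not code from Infoblox or from the original report): it flags .arpa names queried for record types other than reverse-DNS plumbing, and links in message bodies whose host sits under .arpa. The log format, the expected-type set, the function names and all sample data are assumptions constructed for this illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: qtypes normally seen under reverse zones; tune to your baseline.
EXPECTED_QTYPES = {"PTR", "NS", "SOA", "DS", "DNSKEY", "CNAME"}

# Constructed sample data: "timestamp client qname qtype" (hypothetical format).
SAMPLE_DNS_LOG = """\
2026-02-10T09:14:02Z 10.0.4.17 1.2.0.192.in-addr.arpa. PTR
2026-02-10T09:14:05Z 10.0.4.17 www.example.com. A
2026-02-10T09:15:40Z 10.0.7.88 d.c.b.a.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. A
2026-02-10T09:15:41Z 10.0.7.88 d.c.b.a.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. AAAA
2026-02-10T09:16:12Z 10.0.4.17 8.b.d.0.1.0.0.2.ip6.arpa. NS
"""
SAMPLE_MAIL = ('Claim your free gift: <a href="https://d.c.b.a.0.0.0.0.8.b.d.0.'
               '1.0.0.2.ip6.arpa/gift">here</a> or see https://www.example.com/help')

def is_arpa(name):
    """True for 'arpa' itself or any name beneath it (not e.g. 'notarpa')."""
    name = name.rstrip(".").lower()
    return name == "arpa" or name.endswith(".arpa")

def flag_dns_queries(log_text):
    """Return .arpa queries whose record type is not reverse-DNS plumbing."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than guessing
        ts, client, qname, qtype = parts
        if is_arpa(qname) and qtype.upper() not in EXPECTED_QTYPES:
            findings.append((ts, client, qname.rstrip(".").lower(), qtype.upper()))
    return findings

def flag_arpa_urls(text):
    """Return URLs in a message body or proxy log whose host is under .arpa."""
    hits = []
    for url in re.findall(r"https?://[^\s\"'<>]+", text):
        try:
            host = urlsplit(url).hostname or ""
        except ValueError:
            continue  # unparseable URL, e.g. unbalanced IPv6 brackets
        if is_arpa(host):
            hits.append(url)
    return hits

if __name__ == "__main__":
    print("suspicious .arpa queries:", flag_dns_queries(SAMPLE_DNS_LOG))
    print("suspicious links:", flag_arpa_urls(SAMPLE_MAIL))
```

Ordinary PTR lookups and delegation queries pass untouched, so the rule can sit on resolver logs without drowning analysts in reverse-lookup noise.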
Final words
February 2026’s cybersecurity landscape underscores the need for vigilance. Phishing scams are evolving, state-sponsored attacks are escalating, and new attack vectors are emerging. Proactive defense, collaboration, and adaptive strategies are crucial.
