February 2026 saw a surge in high-stakes cybersecurity incidents, geopolitical cyber warfare, and sophisticated digital frauds. These events highlight the urgent need for enhanced cyber defenses and vigilance against emerging threats.
Geopolitical Cyber Warfare: Israel-Iran Escalation
The month saw unprecedented cyber and kinetic strikes between Israel and Iran, marking a new phase in hybrid warfare. On February 28, 2026, Iran experienced a near-total internet blackout, coinciding with Israeli airstrikes targeting nuclear and military sites. The operation, codenamed “Operation Roaring Lion” (Israel) and “Operation Epic Fury” (U.S.), crippled Iran’s National Information Network (NIN), state media, and military communications.
Key Developments:
- Digital Blackout: Independent monitors like NetBlocks and Cloudflare Radar confirmed the collapse of Iran’s internet infrastructure, affecting Tehran, Isfahan, and Shiraz. Mobile networks, banking systems, and government portals were paralyzed.
- Targeted Assassination: The strikes included the killing of Iran’s Supreme Leader Ayatollah Ali Khamenei, his family, and senior IRGC officials. Iran vowed “devastating retaliation,” while the U.S. warned of “force never seen before” (BBC News).
- Cyber Tactics Deployed:
- DDoS attacks on government/IRGC websites.
- Deep intrusions into aviation/energy infrastructure.
- Electronic warfare disrupting GPS and communications.
- Broadcast hijacking (e.g., anti-regime messages on state TV).
Strategic Impact: The cyber offensive aimed to degrade Iran’s missile/drone command-and-control, delaying retaliatory strikes. Analysts noted the operation’s goal was “paralysis, not just disruption” (The Register).
Expert Commentary: “This is battlefield shaping—cyber capabilities used to blind, isolate, and destabilize an adversary during kinetic strikes,” said a former NATO cyber defense advisor. The incident underscores the integration of cyber and conventional warfare, with digital attacks now serving as force multipliers.
IoT Vulnerabilities: Critical Infrastructure at Risk
A HackRead report identified five recurring IoT weaknesses that derail projects, citing a figure of 75% of IoT initiatives never reaching production because of device-level flaws. The report illustrated the consequences with real-world breaches:
- AVTECH IP Cameras: 37,995 end-of-life cameras (used in critical infrastructure) were exposed online and exploited via CVE-2024-7029 (a command injection flaw). The Corona Mirai botnet targeted these devices, using them for DDoS attacks and network infiltration. AVTECH ignored mitigation requests for five years (HackRead). Because the cameras are end-of-life, no patch will ever ship; the only mitigations are taking them off the internet and segmenting them from everything else.
- Colonial Pipeline Ransomware Attack (2021): Initiated via a compromised password for a legacy VPN account that had no MFA, leading to a $4.4M ransom payment and the shutdown of 5,500 miles of pipeline. Lessons included:
- Enforce MFA on all VPN accounts.
- Audit inactive accounts monthly.
- IP allowlisting for VPN access.
Other major IoT vulnerabilities included:
- Default Credentials: 820,000 daily attacks in 2025 exploited default IoT passwords. Shodan searches easily locate vulnerable devices. Mitigation strategies:
- Force credential changes during provisioning.
- Unique credentials per device.
- Automated alerts for default credentials.
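The VPN lessons from Colonial Pipeline and the default-credential controls above are both inventory checks, so one added example covers them. The Go program below was written for this page, not taken from HackRead or any vendor tool; the account and device records, the allowlisted range 203.0.113.0/24 and the model-to-default-credential table are constructed placeholders.

```go
package main

import (
	"fmt"
	"net"
	"strings"
	"time"
)

// VPNAccount is one row of a constructed VPN user export (placeholder data).
type VPNAccount struct {
	User      string
	MFA       bool
	LastLogin time.Time
	LastIP    string // source address of the most recent login
}

// Device is one row of a constructed IoT inventory (placeholder data).
type Device struct {
	ID, Model, User, Password string
}

// knownDefaults maps a device model to its factory credentials. Models and
// values are illustrative placeholders, not real vendor defaults.
var knownDefaults = map[string]string{
	"cam-x1": "admin:admin",
	"cam-x2": "admin:1234",
	"gw-100": "root:root",
}

// AuditVPN returns one finding per policy violation: MFA not enforced, no
// login for longer than maxIdle, or last login from outside the allowlist.
func AuditVPN(accounts []VPNAccount, allowlist []*net.IPNet, now time.Time, maxIdle time.Duration) []string {
	var findings []string
	for _, a := range accounts {
		if !a.MFA {
			findings = append(findings, a.User+": MFA not enforced")
		}
		if now.Sub(a.LastLogin) > maxIdle {
			findings = append(findings, fmt.Sprintf("%s: inactive since %s, disable or remove", a.User, a.LastLogin.Format("2006-01-02")))
		}
		if ip := net.ParseIP(a.LastIP); ip != nil && !inAllowlist(ip, allowlist) {
			findings = append(findings, fmt.Sprintf("%s: last login from %s outside allowlist", a.User, a.LastIP))
		}
	}
	return findings
}

func inAllowlist(ip net.IP, nets []*net.IPNet) bool {
	for _, n := range nets {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// AuditDevices flags devices still on factory credentials and credential
// pairs reused across devices (a breach of one device then opens the rest).
func AuditDevices(devs []Device) []string {
	var findings []string
	byCred := map[string][]string{} // "user:password" -> device IDs
	for _, d := range devs {
		cred := d.User + ":" + d.Password
		if def, ok := knownDefaults[strings.ToLower(d.Model)]; ok && def == cred {
			findings = append(findings, fmt.Sprintf("%s (%s): still on factory default credentials", d.ID, d.Model))
		}
		byCred[cred] = append(byCred[cred], d.ID)
	}
	reported := map[string]bool{}
	for _, d := range devs { // second pass keeps output order deterministic
		cred := d.User + ":" + d.Password
		if ids := byCred[cred]; len(ids) > 1 && !reported[cred] {
			reported[cred] = true
			findings = append(findings, fmt.Sprintf("credential for user %q shared by %s", d.User, strings.Join(ids, ", ")))
		}
	}
	return findings
}

func main() {
	now := time.Date(2026, 2, 28, 0, 0, 0, 0, time.UTC)
	_, corp, _ := net.ParseCIDR("203.0.113.0/24") // TEST-NET-3, stands in for the office range
	accounts := []VPNAccount{
		{"alice", true, now.Add(-24 * time.Hour), "203.0.113.10"},
		{"bob", false, now.Add(-48 * time.Hour), "203.0.113.11"},
		{"old-contractor", true, now.Add(-120 * 24 * time.Hour), "198.51.100.7"},
	}
	for _, f := range AuditVPN(accounts, []*net.IPNet{corp}, now, 30*24*time.Hour) {
		fmt.Println("VPN:", f)
	}
	devices := []Device{
		{"cam-01", "cam-x1", "admin", "admin"},
		{"cam-02", "cam-x1", "admin", "s3cr3t-02"},
		{"cam-03", "cam-x2", "admin", "s3cr3t-02"},
		{"gw-01", "gw-100", "root", "unique-gw-01"},
	}
	for _, f := range AuditDevices(devices) {
		fmt.Println("IoT:", f)
	}
}
```

Run as a scheduled job against the real exports and route the findings to a ticket queue; the shared-credential check is the one most inventories miss, because a "changed from default" flag says nothing about whether the same password was pushed to every unit.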
Organizations must ensure robust firmware management to prevent technical debt. Only 29% of organizations test IoT devices for security before procurement. Recommendations include:
- Over-the-air (OTA) updates from day one.
- Cryptographic signing for update authenticity.
- Firmware testing environments mirroring production.
The Eseye 2025 State of IoT Report put the cost of a breach in the manufacturing sector at $4.97M in 2024, and rising (see Rise in Cyber Frauds).
Digital Fraud: ‘Digital Arrest’ Scam Drains ₹10.74 Crore in India
Pune Cyber Police busted a ‘digital arrest’ scam where two fraudsters—Harshad Dhantole (23) and Samarth Deshmukh (24)—duped an 82-year-old senior citizen of ₹10.74 crore ($1.3M). The scam involved impersonating CBI officers and staging a fake online court hearing to extort funds.
Modus Operandi:
- Initial Contact: Fraudsters posed as TRAI officials, claiming the victim’s phone number was linked to a Jet Airways scam.
- Fake Court Hearing: A ‘judge’ threatened arrest unless the victim transferred funds to ‘RBI verification accounts’ (mule accounts).
- 24-Hour Video Call: The victim was kept on a continuous video call for roughly a day while transferring ₹10.74 crore in seven transactions.
The scam is social engineering end to end: layered impersonation (telecom regulator, then federal police, then a court), a manufactured emergency, and continuous video surveillance that left the victim no time to consult anyone. The tell is procedural: no police force, court or central bank conducts an arrest or hearing over a video call, and none asks for money to be moved to a "verification account". The incident underscores the need for public awareness campaigns and effective cybercrime enforcement. For more on the rising tide of cyber frauds, refer to Rise in Cyber Frauds.
State-Sponsored Cyber Threats: North Korea’s Dohdoor Backdoor
Cisco Talos uncovered a new backdoor, 'Dohdoor', attributed to the North Korean cluster it tracks as UAT-10027 (possibly linked to the Lazarus Group). The campaign has targeted U.S. healthcare and education organizations since December 2025, using phishing for initial access and DLL sideloading for execution.
Attack Chain:
- Initial Access: Phishing emails with PowerShell downloaders.
- Batch Script Dropper: Drops a malicious DLL named "propsys.dll" or "batmeter.dll" beside a legitimate executable that loads it (DLL sideloading).
- Dohdoor Backdoor: Decrypts and loads Cobalt Strike Beacon via process hollowing.
- Evasion Techniques:
- DNS-over-HTTPS (DoH) to Cloudflare's public resolver for C2 lookups, so the queries never reach the enterprise DNS server where they would be logged or filtered.
- NTDLL unhooking to evade EDR monitoring.
- C2 domains hosted on Cloudflare infrastructure.
The use of Cloudflare and DoH indicates a focus on operational security, making detection harder. The shift to healthcare/education may indicate new revenue streams for Pyongyang’s cyber operations. For more on the evolving cybersecurity landscape, see the cybersecurity landscape 2025-2026.
Mitigation Recommendations:
- Force endpoints to use the enterprise resolver and block direct DoH to public resolvers (Cloudflare's 1.1.1.1 and cloudflare-dns.com among them) except from approved browsers. DoH is ordinary HTTPS on port 443, so this needs destination-based blocking or TLS inspection; a port filter will not catch it.
- Monitor for DLL sideloading, e.g. a propsys.dll or batmeter.dll loaded from a user-writable directory rather than from C:\Windows\System32.
- Isolate healthcare and education networks: segment them so that a phished workstation cannot reach clinical, student-record or administrative systems.
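Detection logic for the attack chain and the first two mitigations above (sideloading of the named DLLs, and DoH to Cloudflare from anything that is not a browser), as an added example that is not Talos code. The JSON-lines telemetry, the list of Cloudflare DoH endpoints, the browser allowlist and the hypothetical loader name updater.exe are constructed assumptions; the DLL names propsys.dll and batmeter.dll are the ones reported.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"path/filepath"
	"strings"
)

// Event is the subset of an endpoint telemetry record this example reads.
type Event struct {
	Event  string `json:"event"`  // ImageLoad or NetworkConnect
	Host   string `json:"host"`
	Image  string `json:"image"`  // process that loaded the DLL or opened the socket
	Loaded string `json:"loaded"` // DLL path (ImageLoad only)
	Dst    string `json:"dst"`    // host:port (NetworkConnect only)
}

// DLL names reported for the Dohdoor dropper; a load from outside the
// Windows system directories is treated as sideloading.
var sideloadWatch = map[string]bool{"propsys.dll": true, "batmeter.dll": true}

// Public DoH resolvers on Cloudflare infrastructure (assumed list).
var dohEndpoints = map[string]bool{
	"cloudflare-dns.com": true, "mozilla.cloudflare-dns.com": true, "1.1.1.1": true, "1.0.0.1": true,
}

// Processes allowed to speak DoH directly (assumed policy: browsers only).
var dohAllowed = map[string]bool{"firefox.exe": true, "chrome.exe": true, "msedge.exe": true}

// Constructed JSON-lines telemetry in a Sysmon-like shape (not real events).
const sampleLog = `
{"event":"ImageLoad","host":"ws-12","image":"C:\\Users\\jdoe\\AppData\\Local\\Temp\\update\\updater.exe","loaded":"C:\\Users\\jdoe\\AppData\\Local\\Temp\\update\\batmeter.dll"}
{"event":"NetworkConnect","host":"ws-12","image":"C:\\Users\\jdoe\\AppData\\Local\\Temp\\update\\updater.exe","dst":"cloudflare-dns.com:443"}
{"event":"ImageLoad","host":"ws-07","image":"C:\\Windows\\explorer.exe","loaded":"C:\\Windows\\System32\\propsys.dll"}
{"event":"NetworkConnect","host":"ws-07","image":"C:\\Program Files\\Mozilla Firefox\\firefox.exe","dst":"mozilla.cloudflare-dns.com:443"}
{"event":"NetworkConnect","host":"ws-03","image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","dst":"1.1.1.1:443"}
`

// windowsBase returns the lower-cased file name of a Windows path.
func windowsBase(p string) string {
	return strings.ToLower(filepath.Base(strings.ReplaceAll(p, `\`, "/")))
}

// inSystemDir reports whether a Windows path is under System32 or SysWOW64.
func inSystemDir(p string) bool {
	l := strings.ToLower(strings.ReplaceAll(p, `\`, "/"))
	return strings.HasPrefix(l, "c:/windows/system32/") || strings.HasPrefix(l, "c:/windows/syswow64/")
}

// Detect returns one alert per suspicious event in a JSON-lines log.
func Detect(log string) []string {
	var alerts []string
	sc := bufio.NewScanner(strings.NewReader(log))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" {
			continue
		}
		var e Event
		if err := json.Unmarshal([]byte(line), &e); err != nil {
			alerts = append(alerts, "unparseable line: "+line)
			continue
		}
		switch e.Event {
		case "ImageLoad":
			if sideloadWatch[windowsBase(e.Loaded)] && !inSystemDir(e.Loaded) {
				alerts = append(alerts, fmt.Sprintf("%s: %s loaded %s from outside the system directory (possible DLL sideloading)", e.Host, e.Image, e.Loaded))
			}
		case "NetworkConnect":
			dstHost := e.Dst
			if i := strings.LastIndex(dstHost, ":"); i >= 0 {
				dstHost = dstHost[:i] // strip the port
			}
			if dohEndpoints[strings.ToLower(dstHost)] && !dohAllowed[windowsBase(e.Image)] {
				alerts = append(alerts, fmt.Sprintf("%s: %s contacted DoH resolver %s (not an approved browser)", e.Host, e.Image, e.Dst))
			}
		}
	}
	return alerts
}

func main() {
	for _, a := range Detect(sampleLog) {
		fmt.Println("ALERT", a)
	}
}
```

The DoH rule is a policy check, not a signature: it fires on any non-browser process reaching a known DoH endpoint, which is what makes it useful against a backdoor that chooses its own resolver. Tune the allowlist to the environment (recent Windows builds can resolve over DoH from svchost.exe when configured to), and treat the legitimate System32 load of propsys.dll in the sample as the expected baseline, not noise to suppress.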
Final words
February 2026 highlighted the convergence of cybersecurity, geopolitics, and digital fraud. Organizations must adopt holistic resilience strategies to mitigate multidimensional impacts.
