February 2026 saw a surge in high-stakes cybersecurity incidents, geopolitical cyber warfare, and sophisticated digital frauds. These events highlight the urgent need for enhanced cyber defenses and vigilance against emerging threats.
Geopolitical Cyber Warfare: Israel-Iran Escalation
The month saw unprecedented cyber and kinetic strikes between Israel and Iran, marking a new phase in hybrid warfare. On February 28, 2026, Iran experienced a near-total internet blackout, coinciding with Israeli airstrikes targeting nuclear and military sites. The operation, codenamed “Operation Roaring Lion” (Israel) and “Operation Epic Fury” (U.S.), crippled Iran’s National Information Network (NIN), state media, and military communications.
Key Developments:
- Digital Blackout: Independent monitors like NetBlocks and Cloudflare Radar confirmed the collapse of Iran’s internet infrastructure, affecting Tehran, Isfahan, and Shiraz. Mobile networks, banking systems, and government portals were paralyzed.
- Targeted Assassination: The strikes included the killing of Iran’s Supreme Leader Ayatollah Ali Khamenei, his family, and senior IRGC officials. Iran vowed “devastating retaliation,” while the U.S. warned of “force never seen before” (BBC News).
- Cyber Tactics Deployed:
  - DDoS attacks on government/IRGC websites.
  - Deep intrusions into aviation/energy infrastructure.
  - Electronic warfare disrupting GPS and communications.
  - Broadcast hijacking (e.g., anti-regime messages on state TV).
Strategic Impact: The cyber offensive aimed to degrade Iran’s missile/drone command-and-control, delaying retaliatory strikes. Analysts noted the operation’s goal was “paralysis, not just disruption” (The Register).
Expert Commentary: “This is battlefield shaping—cyber capabilities used to blind, isolate, and destabilize an adversary during kinetic strikes,” said a former NATO cyber defense advisor. The incident underscores the integration of cyber and conventional warfare, with digital attacks now serving as force multipliers.
IoT Vulnerabilities: Critical Infrastructure at Risk
A HackRead investigation revealed five IoT vulnerabilities that routinely derail projects, with 75% of IoT initiatives failing to reach production due to device-level flaws. The report highlighted real-world breaches with catastrophic consequences:
- AVTECH IP Cameras: 37,995 end-of-life cameras (used in critical infrastructure) were exposed online, exploited via CVE-2024-7029 (command injection flaw). The Corona Mirai botnet targeted these devices, using them for DDoS attacks and network infiltration. AVTECH ignored mitigation requests for five years (HackRead).
- Colonial Pipeline Ransomware Attack (2021): Initiated via a compromised VPN password (no MFA), leading to a $4.4M ransom payout and the shutdown of 5,500 miles of pipeline. Lessons included:
  - Enforce MFA on all VPN accounts.
  - Audit inactive accounts monthly.
  - IP allowlisting for VPN access.
Other major IoT vulnerabilities included:
- Default Credentials: 820,000 attacks per day in 2025 exploited default IoT passwords. Shodan searches easily locate vulnerable devices. Mitigation strategies:
  - Force credential changes during provisioning.
  - Unique credentials per device.
  - Automated alerts for default credentials.
Organizations must ensure robust firmware management to prevent technical debt. Only 29% of organizations test IoT devices for security before procurement. Recommendations include:
- Over-the-air (OTA) updates from day one.
- Cryptographic signing for update authenticity.
- Firmware testing environments mirroring production.
An expert warning from the Eseye 2025 State of IoT Report highlighted the rising cost of manufacturing breaches, reaching $4.97M in 2024 (Rise in Cyber Frauds).
Digital Fraud: ‘Digital Arrest’ Scam Drains ₹10.74 Crore in India
Pune Cyber Police busted a ‘digital arrest’ scam where two fraudsters—Harshad Dhantole (23) and Samarth Deshmukh (24)—duped an 82-year-old senior citizen of ₹10.74 crore ($1.3M). The scam involved impersonating CBI officers and staging a fake online court hearing to extort funds.
Modus Operandi:
- Initial Contact: Fraudsters posed as TRAI officials, claiming the victim’s phone number was linked to a Jet Airways scam.
- Fake Court Hearing: A ‘judge’ threatened arrest unless the victim transferred funds to ‘RBI verification accounts’ (mule accounts).
- 24-Hour Video Call: The victim was coerced into staying on a continuous video call while transferring ₹10.7 crore in seven transactions.
This scam exemplifies the evolving tactics of digital fraudsters, blending social engineering with technological deception. The extended duration and psychological manipulation underscore the sophistication of modern scams. The incident highlights the need for robust public awareness campaigns and stringent cybercrime laws. For more insights into the rising tide of cyber frauds, refer to Rise in Cyber Frauds.
State-Sponsored Cyber Threats: North Korea’s Dohdoor Backdoor
Cisco Talos uncovered a new backdoor malware, ‘Dohdoor’, linked to North Korean hacking group UAT-10027 (potentially Lazarus Group). The campaign targeted U.S. healthcare and education sectors since December 2025, using phishing and DLL sideloading.
Attack Chain:
- Initial Access: Phishing emails with PowerShell downloaders.
- Batch Script Dropper: Executes a malicious DLL (“propsys.dll” or “batmeter.dll”).
- Dohdoor Backdoor: Decrypts and loads Cobalt Strike Beacon via process hollowing.
- Evasion Techniques:
  - DNS-over-HTTPS (DoH) via Cloudflare to bypass DNS security.
  - NTDLL unhooking to evade EDR monitoring.
  - C2 domains hosted on Cloudflare infrastructure.
The use of Cloudflare and DoH indicates a focus on operational security, making detection harder. The shift to healthcare/education may indicate new revenue streams for Pyongyang’s cyber operations. For more on the evolving cybersecurity landscape, see the cybersecurity landscape 2025-2026.
Mitigation Recommendations:
- Block DoH traffic from untrusted sources.
- Monitor for DLL sideloading (e.g., suspicious “propsys.dll” files).
- Isolate healthcare/education networks from high-risk sectors.
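An added example (not code from Cisco Talos or this post) of how the two host-level recommendations above could be checked against endpoint telemetry: the DLL names come from the article, while the sample events, the public DoH resolver hostnames and the browser allowlist are assumptions made for the example.

```python
from pathlib import PureWindowsPath

# DLL names from the Talos write-up. A legitimate copy lives in the Windows system
# directories; one loaded from anywhere else is a sideloading candidate.
WATCHED_DLLS = {"propsys.dll", "batmeter.dll"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Public DNS-over-HTTPS resolvers and the processes expected to use them (the
# browser allowlist is an assumption for this example; tune it to your estate).
DOH_HOSTS = {"cloudflare-dns.com", "one.one.one.one", "dns.google"}
DOH_ALLOWED_PROCESSES = {"chrome.exe", "firefox.exe", "msedge.exe"}

# Constructed Sysmon-style image-load and network-connect records, not real telemetry.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\explorer.exe", "loaded": r"C:\Windows\System32\propsys.dll"},
    {"image": r"C:\Users\alice\AppData\Local\Temp\viewer.exe",
     "loaded": r"C:\Users\alice\AppData\Local\Temp\propsys.dll"},
    {"image": r"C:\ProgramData\tool\host.exe", "loaded": r"C:\ProgramData\tool\batmeter.dll"},
    {"image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dest_host": "cloudflare-dns.com", "dest_port": 443},
    {"image": r"C:\Users\alice\AppData\Local\Temp\viewer.exe",
     "dest_host": "cloudflare-dns.com", "dest_port": 443},
]

def sideload_reason(event):
    """Reason string if a watched DLL was loaded from outside the system directories."""
    loaded = PureWindowsPath(event.get("loaded", ""))
    if loaded.name.lower() not in WATCHED_DLLS:
        return None
    if (str(loaded.parent).lower() + "\\").startswith(SYSTEM_DIRS):
        return None
    return f"{loaded.name} loaded from {loaded.parent} by {event['image']}"

def doh_reason(event):
    """Reason string if a non-allowlisted process opens HTTPS to a DoH resolver."""
    host = event.get("dest_host", "").lower()
    if host not in DOH_HOSTS or event.get("dest_port") != 443:
        return None
    proc = PureWindowsPath(event["image"]).name.lower()
    return None if proc in DOH_ALLOWED_PROCESSES else f"{proc} contacted DoH resolver {host}"

def triage(events):
    """Run both checks over a batch of events; returns (image, reason) alerts."""
    alerts = []
    for ev in events:
        for check in (sideload_reason, doh_reason):
            reason = check(ev)
            if reason:
                alerts.append((ev["image"], reason))
    return alerts
```

On the sample batch, the System32 load and the browser's resolver connection are ignored, while the two user-writable DLL copies and the non-browser DoH connection produce alerts.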
Final words
February 2026 highlighted the convergence of cybersecurity, geopolitics, and digital fraud. Organizations must adopt holistic resilience strategies to mitigate multidimensional impacts.