Security experts warn of increasing cyberattacks



As military conflict tensions rise between Iran, Israel, and the US, security experts warn of increasing cyberattacks targeting your devices.

The bombs might be falling in the Middle East, but the digital fallout could land in your office. That’s the warning from cybersecurity researchers at Palo Alto Networks’ Unit 42, who are increasingly concerned that Iran’s state hackers will turn their attention to Western targets.

Separate analysis from EclecticIQ highlighted a “significant uptick” in cyberattacks following the most recent escalation in the Middle East, which is currently in a fragile ceasefire. However, as Unit 42 explains, further escalations could unleash a wave of disruption from both government-backed hacking groups and independent hacktivists.

From AI to espionage: Iran’s growing cyberattack arsenal

Earlier this week, British PM Sir Keir Starmer warned businesses to double their cybersecurity efforts following the escalation in the Middle East, combined with existing threats from adversaries such as Russia amid its ongoing invasion of Ukraine.

Speaking at a NATO Summit, Sir Keir said nations like Iran and Russia are carrying out cyberattacks “on a regular basis” and we had “to be prepared for them”. He further added that such cyberattacks should be considered “an attack on our country.”

What’s extra concerning is how adaptable threat actors like Iran have become—they’re not just using the same old tricks, they’re embracing technologies like AI for their cyberattacks.

Over the past couple of years, Iranian hackers have been busy expanding their global reach. Security researchers have caught them red-handed using generative AI to craft more believable phishing messages while explicitly connecting their destructive attacks to world events to maximise psychological impact.

The tactics are as creative as they are concerning. In one recent case, Iranian operatives set up an elaborate fake German modelling agency website. But rather than scouting for runway talent, they were harvesting sensitive data from unsuspecting visitors.

Even more troubling was the discovery that an Iranian group called Agent Serpens (or CharmingKitten, as some researchers call them) had used AI to create convincing fake documents purportedly from RAND Corporation, a respected American think tank. This wasn’t merely showing off technical prowess—it was paired with dangerous malware designed to compromise victims’ systems.

What a digital conflict with Iran looks like

For those wondering what Iranian cyberattacks look like in practice, the report points to a disturbing campaign against Israeli schools and tech companies last year. The group behind it – known as Agonizing Serpens – didn’t just steal sensitive personal information and intellectual property, they deployed destructive “wiper” malware designed to obliterate entire computer systems and make recovery as difficult as possible.

With tensions continuing to simmer, security experts have mapped out four likely scenarios for cyber activity in the coming weeks:

  1. Iranian government hackers will almost certainly ramp up targeted attacks—everything from cleverly disguised emails aimed at diplomats to destructive malware targeting businesses with connections to American interests.
  2. We can expect hacktivists supporting Iran to launch disruptive attacks and influence operations. These might look like websites suddenly crashing under the weight of coordinated denial-of-service attacks or social media campaigns spreading misinformation designed to shape public opinion.
  3. Opportunistic cybercriminals with no political agenda will inevitably try to capitalise on the chaos, launching phishing campaigns that play on people’s fears and curiosity about the unfolding crisis.
  4. Other nation-states might use the confusion to launch their own attacks while making it look like Iran is responsible. This “false flag” tactic isn’t theoretical; Russia previously hijacked Iran’s hacking infrastructure in 2019 to piggyback into already-compromised networks.

What makes hacking groups from Iran particularly interesting is the variety of their cyberattack specialisations. Unit 42 tracks these actors under the constellation name “Serpens,” with each group having distinct tactics and targets.

Some, like Agent Serpens, focus on surveillance of activists and journalists who criticise the Iranian government. Others, like Industrial Serpens, specialise in disruptive attacks including ransomware and data destruction that align with state interests.

The tactics may differ, but the common thread is an increasing sophistication that should worry both government agencies and private businesses. These aren’t script kiddies playing around. These are well-resourced teams with clear objectives and the technical ability to cause serious harm.

Already, security researchers have documented 120 hacktivist groups actively participating in cyber operations related to the current tensions. Their favourite weapon? Denial-of-Service attacks that can knock websites offline, though destructive malware like data wipers is becoming increasingly common.

Protecting yourself from the crossfire

So what can ordinary businesses and individuals do to avoid becoming collateral damage in this digital conflict with threat actors like Iran?

Security experts recommend a common-sense approach rather than panic. The basics still matter most: Keep your systems updated, train your staff to recognise phishing attempts, and have solid backups of everything important.

For organisations, this means being especially vigilant about internet-facing assets—websites, VPN gateways, and cloud services that connect directly to the public internet. These represent the most accessible entry points for attackers.

It’s also worth preparing for the possibility that your organisation might be falsely accused of being breached. As Unit 42’s report notes, “Threat actors might use claims – even untrue ones – to embarrass or harass victims, or to disseminate political narratives.” Having a communications plan ready can help minimise reputational damage from such false allegations.

Perhaps most importantly, now isn’t the time for complacency. As this shadow war of cyberattacks involving nation states like Iran continues to evolve alongside physical conflicts, staying alert to unusual activity on your networks isn’t just good practice; it might be what prevents your organisation from becoming the next cautionary tale.
