This article is about ‘Ransomware 2026 Report January’.
The current escalation between Iran and Israel marks a significant shift from prolonged shadow confrontation to overt military exchange. What was historically characterized by proxy warfare, covert action, sabotage, and cyber operations has transitioned into direct kinetic engagement, increasing the risk of accelerated and less controllable escalation dynamics.
Parallel to the physical confrontation, a cyber front has rapidly emerged. ProIranian hacktivist groups have demonstrated high operational tempo, primarily conducting large-scale DDoS campaigns, website defacements, and opportunistic intrusion attempts against Israeli and regional targets.
In contrast, pro-Israeli cyber activity appears comparatively low-profile and attribution-challenged, with limited public claims despite reports of potential compromises affecting Iranian government-linked entities.
At present, the cyber threat landscape is dominated by disruption-focused activity rather than destructive or strategically crippling operations. However, historical patterns indicate that sustained kinetic escalation can create conditions for more advanced cyber campaigns, including targeted access operations, credential harvesting, influence operations, and selective attacks against high-value infrastructure
We see the full picture of the evolving cyber threat landscape thanks to unique tools for monitoring the infrastructure used by cybercriminals and data from battlefields:
