Date: 03/03/2026
Severity: Critical
Summary
On Feb. 28, 2026, the United States and Israel launched a joint offensive—Operation Epic Fury (U.S.) and Operation Roaring Lion (Israel). In response, Iran initiated a multi-vector retaliatory campaign that has expanded into a broader trans-regional conflict. An increase in cyberattacks from activist groups outside Iran has been observed. However, nation-state cyber activity originating within Iran is likely limited in the near term. As of the morning of Feb. 28, 2026, Iran’s internet connectivity dropped to approximately 1–4%. This severe connectivity loss and disruption to leadership and command structures are expected to hinder coordinated, sophisticated state-aligned cyber operations temporarily.
Indicators of Compromise (IOC) List
URLs:
https:www.shirideitch.com/wp-content/uploads/2022/06/RedAlert.apk
https://api.ra-backup.com/analytics/submit.php
https://bit.ly/4tWJhQh
Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection
Detection Query 1 :
domainname like "https://bit.ly/4tWJhQh" or url like "https://bit.ly/4tWJhQh" or siteurl like "https://bit.ly/4tWJhQh"
or domainname like "https://api.ra-backup.com/analytics/submit.php" or url like "https://api.ra-backup.com/analytics/submit.php" or siteurl like "https://api.ra-backup.com/analytics/submit.php"
or domainname like "https:www.shirideitch.com/wp-content/uploads/2022/06/RedAlert.apk" or url like "https:www.shirideitch.com/wp-content/uploads/2022/06/RedAlert.apk" or siteurl like "https:www.shirideitch.com/wp-content/uploads/2022/06/RedAlert.apk"
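Proxy and gateway logs often record these URLs in other forms (no scheme, explicit port, query string, upper-case host). The following is an added example, not part of the advisory or of Gurucul's product, that reduces the listed IOCs and each logged URL to a host and path before comparing them. The log lines are constructed, and reading the `https:www...` entry as a URL missing its `//` is an assumption.

```python
import re
from urllib.parse import urlsplit

# IoC strings copied verbatim from the advisory's list.
IOCS = [
    "https:www.shirideitch.com/wp-content/uploads/2022/06/RedAlert.apk",
    "https://api.ra-backup.com/analytics/submit.php",
    "https://bit.ly/4tWJhQh",
]
# Constructed proxy-log lines (not real telemetry); client IPs are documentation addresses.
SAMPLE_LOG = [
    "2026-03-01T08:14:02Z 192.0.2.10 GET https://bit.ly/4tWJhQh 301",
    "2026-03-01T08:14:09Z 192.0.2.10 GET https://example.com/RedAlert.apk 200",
    "2026-03-01T08:15:40Z 192.0.2.23 POST api.ra-backup.com:443/analytics/submit.php?d=1 200",
    "2026-03-01T08:16:11Z 192.0.2.31 GET HTTPS://WWW.SHIRIDEITCH.COM/wp-content/uploads/2022/06/RedAlert.apk 200",
]

def normalize(url):
    """Return (host, path); scheme, port, query and fragment are dropped."""
    # Assumption: 'https:www...' is a URL that lost its '//' when published.
    url = re.sub(r"^(https?):/*", r"\1://", url.strip(), flags=re.I)
    if "://" not in url:
        url = "http://" + url  # bare host/path, as some proxies log it
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed token, e.g. unbalanced IPv6 brackets
        return "", ""
    host = (parts.hostname or "").lower().rstrip(".")
    # Path stays case-sensitive: short-link codes differ only by case.
    return host, parts.path.rstrip("/") or "/"

IOC_KEYS = {normalize(i): i for i in IOCS}

def match_url(url):
    """Return the advisory IoC a logged URL corresponds to, or None."""
    return IOC_KEYS.get(normalize(url))

def scan(log_lines):
    """Return (line_no, ioc) for each log line containing a matching URL."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        for token in line.split():
            if "/" in token and "." in token:  # cheap URL-field filter
                ioc = match_url(token)
                if ioc:
                    hits.append((n, ioc))
                    break
    return hits

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Matching on host plus path keeps the `bit.ly` entry from flagging every short link on that host.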
Reference:
https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/