Matt Johnston

Threat Assessment Update: Iran Cyberattacks

March 2, 2026

This threat assessment is an update to our recently published advisory dated Feb 6, 2026. Given the ongoing US-led attacks against the Islamic Republic of Iran, our threat assessment regarding potential cyber attacks launched by IRGC-affiliated actors is as follows.

Current Assessment

Practive Security finds it highly likely that IRGC-linked actors and those loyal to the Islamic Republic of Iran will use the cyber plane and Internet to conduct disruptive attacks against strategic targets in the US and Israel, likely following the tools, techniques, and procedures (TTPs) they have used in the past.

Organizations that are likely to be targeted by IRGC-linked attackers should assume attacks are imminent and prepare accordingly.

It is also likely that if activated, these threat actors will provide intelligence support to on-the-ground operatives in Israel and in the US, including target selection, communication support, and coordinated physical/cyber attacks to ensure maximum effectiveness.

However, if the IRGC command hierarchy has been sufficiently disrupted, it is possible that the proxies who conduct most Iranian cyber attacks will not act on behalf of the IRGC. As we have seen throughout the Middle East, Iranian proxies are not operating as aggressively as initially expected. This may carry forward into the cyber domain, since most cyber threat actors affiliated with Iran are believed to also be proxies, though that dynamic may also give the actors reason to operate independently.

Our full updated assessment continues from here, including deeper analysis, potential targets and impact, recommendations, and comments.
