Iran Conflict Expands Across Region with Airstrikes, Cyberattacks, and Strait of Hormuz Disruptions

On March 12-13, 2026, the military conflict between Iran and the opposing coalition expanded across multiple fronts in the Middle East, according to Flashpoint’s latest update. The Israeli military conducted large-scale airstrikes on Tehran, while Iranian forces and allied proxies retaliated with ballistic missile and drone attacks targeting Israeli territory, as well as US and allied military assets. Concurrently, multiple hacktivist groups launched a coordinated wave of cyberattacks against Israeli, Emirati, Qatari, and Kuwaiti entities. Additionally, there are reports of a leadership crisis in Tehran and ongoing disruptions to global maritime trade in the Strait of Hormuz.

Key Takeaways
  • Expansion of the Kinetic Theater: Military engagements and attacks expanded beyond the primary belligerents to include incidents in Saudi Arabia, Turkey, Iraq, Bahrain, and Cyprus.
  • Intensified Aerial Campaign: The Israeli military stated that over 90 fighter jets fired approximately 200 munitions at command centers and military infrastructure in Tehran. Iran reportedly retaliated with missile strikes toward Israel.
  • Leadership Vacuum: Iran’s new Supreme Leader, Ayatollah Mojtaba Khamenei, is reportedly in a coma and has lost one or both legs after being seriously wounded in an airstrike.
  • Maritime Confrontations: Iran declared the Strait of Hormuz closed. A US helicopter reportedly fired on an Iranian vessel that approached the USS Abraham Lincoln in the Persian Gulf.
  • Coordinated Cyber Offensive: Multiple hacktivist groups claim to have conducted concurrent cyberattacks ranging from Distributed Denial-of-Service (DDoS) disruptions to data wiping and ransomware deployments.

Timeline of Key Events

  • March 12, 22:58 UTC: A US helicopter fired two Hellfire missiles at an Iranian vessel that approached the aircraft carrier USS Abraham Lincoln in the Persian Gulf.
  • March 13, 00:14 UTC: Saudi Arabia’s Ministry of Defense announced the interception and destruction of 12 drones that entered its airspace.
  • March 13, 00:25 UTC: An air raid siren was activated at Incirlik Air Base in Turkey amid reports of an Iranian ballistic missile attack.
  • March 13, 00:38 UTC: The Islamic Resistance in Iraq claimed responsibility for shooting down a U.S. KC-135 aircraft.
  • March 13, 01:12 UTC: Reports indicated Iran fired another wave of ballistic missiles toward Israel, with one achieving a direct hit on a building in northern Israel.
  • March 13, 03:48 UTC: Saudi Arabia’s Ministry of Defense reported the interception and destruction of an additional four drones in its eastern and central regions.
  • March 13, 05:12 UTC: The Israeli military announced that over 90 fighter jets conducted two waves of airstrikes against command centers and military bases in Tehran.
  • March 13, 06:17 UTC: Reports emerged that a drone strike, allegedly originating from Lebanon, hit the UK’s RAF Akrotiri base in Cyprus.

Cyber Threats & Attacks

  • Handala: The group claimed a major data wipe and exfiltration attack against the Hebrew University of Jerusalem. They allegedly erased over 48 terabytes of data and exfiltrated 23 terabytes of confidential information. The group shared an image showing multiple disconnected network drives to corroborate the claim.
  • Cyber Islamic Resistance & 313 Team: These groups claimed responsibility for a ransomware attack against Israeli firm MEGINIM DATA SERVICES. The group alleged the network was encrypted and demanded a payment of 500,000 USD in Monero. The group also leaked a spreadsheet containing what appears to be the Personally Identifiable Information (PII) of the company’s employees. Additionally, the 313 Team claimed DDoS attacks against the UAE Ministry of Interior and website defacements in Kuwait.
  • Khatam Suleiman: The group announced it had breached Israeli military systems. They claimed to have gained access to military files and personnel data related to the Ramat David Airbase.
  • NoName057(16): This pro-Russian group claimed responsibility for DDoS attacks that made numerous government and insurance websites unavailable in Cyprus and Israel.
  • Gardium: The group claimed a DDoS attack that disrupted the Qatar University portal.
 

Physical Threats to Western Entities

  • US and NATO Military Bases: US and allied military bases in Iraq, Turkey, Bahrain, and Cyprus have been targeted. Incidents include a drone strike on RAF Akrotiri in Cyprus and reports of ballistic missiles targeting Incirlik Air Base in Turkey. The IRGC also claimed missile and drone attacks against the US Fifth Fleet headquarters in Bahrain.
  • Aviation and Personnel: The Islamic Resistance in Iraq claimed to have shot down a US KC-135 aircraft. The group also announced a 150 million IQD bounty for information leading to the arrest or neutralization of high-ranking US military or intelligence officials.
  • Maritime Logistics: Iran declared the Strait of Hormuz closed, disrupting global commerce. At least 16 commercial vessels have been attacked in the region.

Security Recommendations

  • Physical Security: Heighten perimeter security and situational awareness, specifically in Turkey, Cyprus, and Bahrain, due to the demonstrated expansion of drone and missile targeting. Personnel in Iraq should adhere strictly to operational security protocols in light of the bounties placed on US officials.
  • Maritime Logistics: Consider rerouting shipping away from the Strait of Hormuz and the Persian Gulf. Iran continues to enforce a blockade and directly engage naval assets.
  • Cyber Defense: Organizations should monitor for DDoS activity, given coordinated campaigns by groups such as NoName057(16) and Gardium. Additional attention should be given to securing systems against unauthorized access.

Strategic Outlook

The reported incapacitation of Iran’s new Supreme Leader, Mojtaba Khamenei, likely exacerbates the existing leadership vacuum in Tehran. In the maritime domain, the blockade of the Strait of Hormuz and ongoing attacks on commercial shipping will likely continue to disrupt global energy markets and supply chains. The concurrent cyber campaigns indicate that regional entities will continue to face threats aimed at data destruction, disruption, and extortion.


The conflict remains in a state of volatility characterized by a leadership transition in Tehran and a sophisticated shift in cyber warfare, according to Flashpoint’s latest update. Following the elimination of the previous supreme leadership, conflicting reports on the health status of the new Supreme Leader are emerging. Concurrently, the pro-Iranian hacktivist group Handala Hack appears to have transitioned from traditional malware to “Living-off-the-Land” (LOTL) tactics, utilizing legitimate cloud administrative tools for large-scale data destruction. On the ground, the Iranian military (IRGC and Artesh) shows signs of significant internal fracturing due to severe supply shortages and rising desertions.

Key Takeaways
  • Regime Continuity and Consolidation: Following the confirmed death of Supreme Leader Ali Khamenei, his son Mojtaba Khamenei has been officially appointed as the new Supreme Leader. Although the Iranian regime is attempting to demonstrate the new Supreme Leader is active and capable of leadership, through the recent issuance of a written statement broadcast on state TV, multiple unconfirmed sources are reporting Mojtaba Khamenei lost a leg in a recent attack and is in a coma. 
  • “Living-off-the-Land” Cyber Shift: The attack on Stryker Corporation reportedly utilized legitimate cloud administrative tools rather than traditional malware to perform destructive “remote wipe” commands.
  • Iranian Military Fragility: Evidence of desertions and active “Army-IRGC tensions”—including the refusal to transport wounded regular army soldiers—suggests the Iranian military system is under unsustainable internal stress.

Timeline of Key Events (March 12, 2026)

  • 04:15 UTC: Reports emerge of severe cracks in Iran’s armed forces, with some frontline units receiving only 20 bullets for every two soldiers.
  • 07:30 UTC: Pro-Iran hacktivist group Handala claims to have exfiltrated over 50,000 confidential emails from Raz Zimmt, a senior Israeli analyst.
  • 09:45 UTC: Israel Railways display screens are compromised, broadcasting fake “Iranian missile warning” messages to passengers.
  • 11:00 UTC: Poland announces it foiled a cyberattack on its national nuclear center, with intelligence pointing to possible Iranian origins.
  • 14:20 UTC: Stryker Corporation confirms a disruption to its Microsoft environment; reports indicate the threat actor used legitimate cloud services to issue “remote wipe” commands.
  • 16:00 UTC: Reports confirm Ismail Dehghan, a commander in the IRGC Aerospace Force, was assassinated in Arak, central Iran.
  • 18:00 UTC: A written statement from the new Supreme Leader, Mojtaba Khamenei, is read on state TV, vowing that the Strait of Hormuz will remain closed as a “tool of pressure”. This statement was issued despite conflicting claims that the new Supreme Leader has lost a leg and is in a coma. 

Cyber Threats & Attacks

  • Handala Hack Team (Stryker Incident):
    • Tactics: Rather than using traditional wiper malware, attackers allegedly compromised native Microsoft remote administration tools to issue “remote wipe” commands against all connected devices.
    • Claimed Impact: The group claimed to have wiped 200,000 systems across 79 countries and exfiltrated 50TB of data.
    • Expansion of Financial Targeting: The Iranian-linked group Handala claimed a sophisticated breach of payment processor Verifone, specifically alleging the extraction of financial data and disruption of Israeli terminals. Verifone has officially disputed the claim, stating that it found no evidence of an incident or service disruption. This suggests the operation may be a state-sponsored psychological effort aimed at undermining confidence in Israel’s financial infrastructure.
  • Psychological Operations (PSYOPS):
    • Israel Railways: Hackers manipulated display boards to spread misinformation and panic among the civilian population.
  • Coordinated Regional Attacks: Multiple groups under the “Cyber Islamic Resistance” banner alleged attacks on the Romanian National Tax Agency, VigilAir, and PayPlus.

Physical Threats to Western Entities

  • Energy Assets: Iranian forces have targeted critical regional infrastructure, including a successful strike against a US radar system in Qatar and a THAAD system in the UAE.
  • Economic Impact: Dubai hotel prices have crashed as Western personnel flee, with luxury rooms near the Burj Khalifa falling to $200 per night.
  • Commercial Shipping: Approximately 19 commercial vessels have been damaged in the Persian Gulf, and LNG exports from Qatar have been halted.

Security Recommendations

  • Cyber (Cloud Infrastructure): Organizations using Microsoft Intune or Entra must audit administrative roles immediately. Disable “Remote Wipe” capabilities for all non-essential administrators to mitigate LOTL attacks.
  • Physical (Exclusion Zones): Personnel at Western tech hubs or financial branches in the Gulf should relocate, as the IRGC has designated a one-kilometer danger zone around these facilities.
  • Logistics: Transition to overland routes via Saudi Arabia; assume the Strait of Hormuz will remain impassable for the foreseeable future.

Strategic Outlook (48-72 Hours)

Expect the Iranian regime to maintain an aggressive “offensive defense” posture to project stability despite military fracturing. The shift toward “Living-off-the-Land” cyber attacks suggests traditional intrusion detection mechanisms like malware IOC signature-based detection may be ineffective against more sophisticated threats like Handala. The US and Israel are expected to continue degrading IRGC command and internal security structures, while military analysts suggest that a ground operation to seize the Iranian coastline may become necessary to reopen the Strait of Hormuz as global energy pressures mount.


March 11, 2026, marked the 12th day of the conflict, characterized by a massive escalation in Iranian-backed hybrid warfare and a strategic shift in targeting, according to Flashpoint’s latest update. While kinetic exchanges between Iran and the U.S.-Israeli coalition continued, the day’s most significant development was a catastrophic wiper attack against global medical technology leader Stryker Corporation and a formal expansion of Iran’s target list to include Western financial and technological infrastructure.

Concurrently, the Islamic Revolutionary Guard Corps (IRGC) intensified its maritime blockade in the Strait of Hormuz, causing a surge in global energy prices and the preemptive closure of Western banking branches in the Gulf.

Key Takeaways

  • Expansion of Economic Targets: The IRGC-owned Khatam al-Anbiya Headquarters formally designated Western banks and technology firms (specifically those with cloud or military ties) as legitimate military targets.
  • Catastrophic Cyber Strike: The group “Handala” executed a global wiper attack against Stryker Corporation, claiming to have crippled 200,000 systems across 79 countries.
  • Maritime & Energy Blockade: Iranian forces successfully disrupted transit through the Strait of Hormuz, attacking multiple commercial vessels and forcing the shutdown of major regional refineries.
  • Financial Sector Preemptive Measures: Major Western financial institutions, including HSBC, have begun closing branches in Gulf nations (e.g., Qatar) following IRGC threats against banking facilities.

Timeline of Key Events (March 11, 2026)

  • 04:30 UTC: Handala begins hinting at a major cyber operation on its Telegram channel.
  • 07:15 UTC: IRGC-affiliated Tasnim News Agency publishes a “new targets” list including Amazon (AWS), Google, Microsoft, and Nvidia.
  • 09:15 UTC: Reports emerge of a total operational shutdown at Stryker Corporation offices globally.
  • 11:00 UTC: IRGC forces attack the Thai-flagged Mayuree Naree and the Israeli-owned Express Room near the Strait of Hormuz.
  • 13:30 UTC: HSBC sends emergency text messages to customers in Qatar announcing the immediate closure of all branches until further notice.
  • 14:45 UTC: Iran launches drone and missile volleys targeting U.S. Fifth Fleet HQ (Bahrain) and Al-Udeid Air Base (Qatar).
  • 18:20 UTC: The ADNOC Ruwais refinery in the UAE halts operations following a targeted drone strike.
  • 21:00 UTC: Handala releases proof-of-access screenshots for Verifone’s management systems.

Cyber Threats & Attacks

Handala Wiper Attack on Stryker Corporation

  • Target: Stryker Corporation (SYK), a $137B U.S. medical technology leader.
  • Claimed Impact: Handala claimed to have wiped 200,000 systems and mobile devices, exfiltrated 50 terabytes of data, and defaced corporate Entra login pages.
  • Stated Motivation: Retaliation for a strike on the “Minab school” and Stryker’s 2019 acquisition of the Israeli firm OrthoSpace.
  • Technical Status: While Handala claims a global shutdown, verification is ongoing; however, the group provided screenshots of internal management systems as “proof.”

Threats to Tech & Cloud Infrastructure

The IRGC has specifically named several U.S. tech giants as targets due to their Israeli ties or cloud services:

  • Cloud Providers: Amazon (AWS), Google, Microsoft, Oracle, and IBM.
  • Hardware/AI: Nvidia and Palantir.
  • Financials: Regional banking centers linked to the U.S. and Israel. Iranian officials have warned civilians to maintain a one-kilometer radius from these facilities.

Physical Threats to Western Entities

  • Banking Infrastructure: Following IRGC threats, HSBC has shuttered all operations in Qatar. Other Western banks in the UAE and Kuwait are reportedly considering similar measures.
  • Energy Assets: The strike on the Ruwais refinery (UAE) demonstrates Iran’s intent to dismantle the energy export capabilities of U.S. allies in the region.
  • Commercial Shipping: Iran has explicitly vowed to prevent oil passage for its adversaries, evidenced by the kinetic strikes on the Mayuree Naree and Express Room.

Security Recommendations

  • Cyber (Critical): Organizations using Intune or Entra for device management must audit administrative roles immediately. Disable “Remote Wipe” capabilities for non-essential administrators to mitigate “Handala-style” wiper attacks.
  • Physical (Banking/Tech): Personnel at Western tech hubs or financial branches in the Gulf should relocate to remote work or exit the “one-kilometer danger zone” identified by the IRGC.
  • Maritime: All commercial traffic is advised to bypass the Strait of Hormuz. Use overland transit through Saudi Arabia for critical supplies.

Strategic Outlook

The conflict has shifted from a purely military engagement to a total economic and technological war. Over the next 48–72 hours, expect continued cyber probes against the named “Tasnim List” tech companies. The closure of regional banking branches suggests that Western private entities now view the Iranian “civilian warning” as a credible indicator of imminent kinetic or sabotage operations. Brent crude is expected to remain volatile above $91/barrel as long as the Hormuz blockade and refinery strikes persist. 


According to the latest update from Flashpoint on March 10, 2026, the conflict has entered a period of entrenched, decentralized warfare following the activation of Iran’s “Mosaic Defense” protocol. While the United States has clarified its strategic end-state—concluding operations only when Iran’s ballistic missile, nuclear, and proxy capabilities no longer pose a “credible and direct threat”—the immediate tactical environment is characterized by autonomous retaliatory strikes.

Key Takeaways

  • Activation of “Mosaic Defense”: Iran’s retaliatory strikes are now being managed by decentralized provincial commands, ensuring continuity of fire despite the loss of central leadership.

  • Severe Economic and Maritime Disruption: The effective closure of the Strait of Hormuz has led global shipping giant MSC to suspend all exports from Gulf ports, threatening global supply chains and driving energy market volatility.

  • Iranian Banking Targeted: Cyber warfare has escalated, with major Iranian banks (Bank Melli and Bank Sepah) being reportedly taken offline.

Timeline of Key Events (March 10, 2026)

  • 13:45 UTC: Several unconfirmed sources report that Bank Melli Iran and Bank Sepah are unable to provide services following suspected cyberattacks.  

  • 15:20 UTC: A drone strike on the Ruwais industrial complex in Abu Dhabi forces the closure of the Middle East’s largest oil refinery.

  • 18:00 UTC: The UAE Defense Ministry reports intercepting hundreds of projectiles, confirming six deaths and over 122 injuries within the 24-hour window.

Cyber Threats & Attacks

  • NoName057(16): This pro-Russian group conducted extensive DDoS attacks against both Cypriot and Israeli infrastructure, hitting the national water company Mekorot and the UAV firm E.M.I.T. Aviation. Note: This claim has not been verified.

  • BD Anonymous & MrSutrator Alliance: This newly formed pro-Palestinian alliance launched “Operation Electronic Holocaust,” specifically targeting Israeli defense contractor Rafael. Note: This claim has not been verified.

  • DieNet: The group issued warnings of a “worst-case scenario” for Israel’s cyber infrastructure and claimed past responsibility for disrupting government websites. Note: This claim has not been verified.

Physical Threats to Western Entities

  • Energy Infrastructure: The Ruwais oil refinery in the UAE and oil facilities in Haifa, Israel, remain under direct threat, with some operations already suspended due to kinetic damage.

  • Maritime Logistics: Western commercial interests are severely impacted by the suspension of MSC operations in the Persian Gulf and the continued blockade of the Strait of Hormuz.

  • US Military Bases: Bases at Al-Dhafra (UAE), Harir (Iraqi Kurdistan), and the “Victoria base” in Iraq continue to face missile and drone barrages from the IRGC and affiliated militias.

Security Recommendations

  • Cyber Defense: Organizations must heighten monitoring for DDoS activity.

  • Maritime Security: Shipping companies should follow MSC’s lead in suspending Gulf port exports until the Strait of Hormuz can be secured by international naval forces.

  • Infrastructure Protection: Energy and water facilities in the GCC must increase air defense integration, as Iran is targeting these “lifeline” utilities.

Strategic Outlook

The conflict is expected to continue over the next 48-72 hours. Although on March 9, 2026, US President Trump announced the war with Iran would end “soon,” in the most recent White House Press Briefing on March 10, it was affirmed the conflict would continue until Iran no longer poses a “credible and direct threat” to the US. 

Because Iran’s “Mosaic Defense” doctrine is decentralized, there is no single “off-switch,” meaning localized Iranian commanders could continue their pre-authorized strike cycles regardless of any high-level diplomatic attempts. 


According to Flashpoint’s March 6, 2026, update, the conflict continued, with additional signs of regime instability and reports of infrastructure targeting. Following the elimination of the primary Iranian leadership, Israeli and US forces executed a series of high-precision strikes aimed at the remaining command structure and strategic assets, including alleged clandestine nuclear and missile facilities. Iranian military cohesion is showing significant signs of fracture, with reports of widespread desertion and senior officers abandoning their posts. Regionally, the conflict has expanded through aggressive cyber warfare targeting critical infrastructure backbones in Israel and in the Gulf, and the potential entry of new state actors like Azerbaijan and China.

Key Takeaways

  • Military Fragmentation: Widespread desertion by Iranian commanders has left conscripts to face ongoing bombardments alone, signaling a breakdown in the Iranian military’s command and control.

  • Strategic Nuclear and Military Infrastructure Crippled: Successful strikes on hidden ballistic missile factories and possible clandestine nuclear sites like Bukan have significantly degraded Iran’s long-term retaliatory and deterrent capabilities.

  • Globalized Hybrid Warfare: Iranian drone targeting of Microsoft Azure datacenters in the Gulf represents an expansion of attacks against Western cloud infrastructure beyond the previous targeting of AWS datacenters.

Timeline of Key Events: March 6, 2026

  • Morning: 50 Israeli planes dropped 100 bombs on an underground bunker in Tehran’s leadership compound, reportedly eliminating the remaining top regime figures.

  • Morning: US forces destroyed a hidden Iranian ballistic missile factory located within Tehran.

  • Mid-Day: Israeli Air Force eliminated Hossein Taeb, former head of the IRGC Intelligence Organization, in a targeted strike on his residence.

  • Afternoon: Azerbaijan began moving artillery and military equipment to the Iranian border while simultaneously evacuating all diplomatic personnel from Tehran and Tabriz.

  • Ongoing: Mehrabad International Airport in Tehran remains under heavy combined US and Israeli air attack, with massive explosions reported across the facility.

  • Evening: President Donald Trump officially demanded “unconditional surrender” from Iran, rejecting any other deals.

Cyber Threats & Attacks

  • Coordinated DDoS (#OpIsrael): Pro-Russian groups NoName057(16) and DDoSia Project collaborated with pro-Iranian actors to target Israeli defense (Elbit Systems), telecom (Hot Mobile), and infrastructure (Jerusalem Light Train).

  • Regional Disruption (Claimed): The Cyber Islamic Resistance in Iraq (Team 313) claimed a massive 18-hour disruption of Kuwaiti government infrastructure, allegedly targeting 26 IP ranges across the ministries of Defence, Health, and Electricity.

  • Political Retaliation: The FAD Team claimed responsibility for taking Jordan’s official royal website offline, citing Jordan’s normalization with the US and Israel.

Physical Threats to Western Entities

  • Strategic Data Centers: Microsoft Azure facilities in the Gulf are now high-priority kinetic targets, with physical strikes reported.

  • C4ISR Vulnerability: Iranian strikes have demonstrated the ability to damage critical US communication and early-warning radars (e.g., AN/FPS-132) at Al Udeid and other regional bases.

  • Aviation and Logistics: Ongoing GPS spoofing near the UAE continues to threaten commercial aviation, while the total blockade of the Strait of Hormuz has halted all Western commercial shipping in the area.

Security Recommendations

  • Cyber Defense: Western financial and defense entities using cloud services in the Gulf must immediately implement redundant, off-site backups and verify the integrity of Azure-hosted operational backbones.

  • Diplomatic and Personnel Safety: Azerbaijan’s total evacuation of diplomats should serve as a trigger for remaining Western missions to finalize emergency departure protocols.

  • Maritime Alert: Commercial vessels must avoid the Indian Ocean near Sri Lanka and the Gulf region entirely due to active submarine warfare and drone strikes.

Strategic Outlook

The conflict is poised to enter a possible ground-war phase as Azerbaijan mobilizes on the northern border and Kurdish volunteers reportedly prepare to launch offensives in western Iran. The total decapitation of the Iranian regime’s leadership suggests that any remaining IRGC elements will likely shift toward decentralized, asymmetric attacks. Furthermore, reports of China preparing to provide spare parts and financial aid to Iran suggest the conflict may evolve into a broader proxy war involving global powers.


According to the latest updates from Flashpoint on March 5, 2026, the conflict evolved as Iranian military forces adopted an “offensive defense” posture, launching drone and missile strikes against military facilities in Qatar, Kuwait, Bahrain, and Azerbaijan while simultaneously contending with an intensive Israeli air campaign. To mitigate the impact of these aerial bombardments, Iranian security forces have begun repurposing non-military and civilian structures as makeshift operations centers and command nodes, effectively dispersing their footprint into residential and commercial areas. Internal reports indicate an uptick in desertions among regular military units and conscripts, prompting the Islamic Revolutionary Guard Corps to deploy Basij units in major urban centers. These units have adopted a threatening posture toward the domestic population, utilizing mobile loudspeaker convoys to broadcast warnings and enforce order through a visible, armed presence in an effort to deter further instability.

Key Takeaways

  • Geographic Expansion: Iranian kinetic operations have expanded to include drone strikes on Azerbaijan’s Nakhchivan International Airport, drawing Azerbaijan’s military onto high alert.

  • Hybrid Warfare Intensification: A massive cyber campaign (#OpIsrael) involving pro-Russian and pro-Iranian actors has targeted Israeli industrial control systems and government portals across Kuwait, Jordan, and Bahrain.

Timeline of Key Events: March 4–5, 2026

  • 04:00 UTC (March 5): Iranian attack drones strike Nakhchivan International Airport in Azerbaijan, causing explosions near civilian infrastructure.

  • 06:30 UTC: Azerbaijan Ministry of Defence places its military on highest alert and prepares “retaliatory measures”.

  • 09:15 UTC: Reports confirm a massive fire at Ali Al Salem Air Base in Kuwait following a “complex missile and drone attack”.

  • 11:45 UTC: The Israeli Air Force (IAF) conducts a wave of strikes against approximately 200 targets in western and central Iran, focusing on ballistic missile launchers.

  • 18:00 UTC: Iraq’s national power grid reportedly suffers a collapse and nationwide blackout amid widening military operations.

Cyber Threats & Attacks

The last 24 hours saw a coordinated wave of cyberattacks under the #OpIsrael banner.

  • NoName057(16): This pro-Russian group claimed to gain administrative access to Israeli Industrial Control Systems (ICS) and SCADA interfaces, allegedly controlling pump activity and water flow. These claims are currently unverified but represent a high-risk threat to essential services.

  • Handala Group: Claimed the exfiltration and subsequent wiping of 1.3 TB of data from Atlas Insurances Ltd. The group also launched a doxxing campaign titled “Death Makers,” releasing personal details of alleged Israeli intelligence officers.

  • Fatemiyoun Electronic Team: Claimed responsibility for taking numerous government ministry websites offline in Jordan and Kuwait. They reportedly leaked personal data of over 23,000 users from a Kuwaiti government application.

  • Cyber Islamic Resistance (Team 313): Reported successful disruptions of government servers in Bahrain and published images purportedly from compromised surveillance cameras.

Physical Threats to Western Entities

  • Diplomatic Missions: Precautionary evacuations of residents near US Embassies have been implemented in Qatar, Jordan, Saudi Arabia, Kuwait, and Bahrain due to rising regional tensions.

  • Commercial Aviation: Strong GPS spoofing continues to affect civilian flight operations near the UAE.

Security Recommendations

  • Cyber Defense: Operators of Industrial Control Systems (ICS) in the Middle East and Germany must immediately isolate SCADA systems from the public internet and audit for unauthorized administrative access.

  • Personnel Safety: All non-essential Western personnel in Iraq and Kuwait should follow immediate evacuation orders.

  • Logistics: Commercial shipping should avoid the Strait of Hormuz and the waters off Sri Lanka due to naval warfare activity.

Strategic Outlook

The analysis says that the conflict is expected to intensify along Iran’s western border as Kurdish separatist groups reportedly mobilize for a ground offensive. The potential entry of Azerbaijan into the kinetic theater likely forces Iran to divert resources to its northern border. Expect continued high-frequency cyber attacks as pro-regime groups attempt to offset kinetic losses with cyber disruption.

The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.
