Insights, news, education and announcements from PolySwarm | IRGC cyber operations

Cyber Strategy Under Fire: Iranian APT and Proxy Retaliation Risks

Mar 6, 2026 1:24:51 PM / by The Hivemind posted in Threat Bulletin, IRGC cyber operations, Iran US Israel war 2026, Operation Lion’s Roar, Iran cyber retaliation, Twelve-Day War 2025, Operation Epic Fury,, Iran internet blackout, Iranian APT groups

Executive Summary

On February 28th, US and Israeli military forces conducted a coordinated and multifaceted attack on Iran. Known as Operation Epic Fury by the Americans and Operation Lion’s Roar by the Israelis, the objective was to neutralize a long-term threat and prevent the Iranian regime from obtaining nuclear missiles. As with any conflict involving Iran, practitioners monitoring the cybersecurity threat landscape expect kinetic warfare to spill over into the cyber realm and wait with bated breath to see what retaliatory attacks may occur. As of early March 2026, the conflict remains active, with ongoing strikes, regional disruptions, and uncertain regime stability.

Read More

An Eye on Iran

Jul 8, 2025 12:01:19 PM / by The Hivemind posted in Charming Kitten, APT35, Wiper Malware, Iranian cyberattacks, Peach Sandstorm, CyberAv3ngers, APT33, US critical infrastructure, Israeli defense, IRGC cyber operations

Executive Summary

Escalating tensions following Israel’s “Operation Rising Lion” and US “Operation Midnight Hammer” can potentially trigger retaliatory cyberattacks, with IRGC-linked groups targeting US and Israeli critical infrastructure. These state-sponsored actors may deploy sophisticated malware and phishing to disrupt operations and steal intelligence, posing significant risks to global security.

Read More