Iranian hacking outage coincided with Israeli military strike

The Straits Times

TEHRAN – Computers associated with Iranian government-backed hackers disappeared from the internet when Israel’s military attacked a military compound in Tehran, according to a threat intelligence firm. 

The Israel Defence Forces said in a tweet on March 5 it struck targets in eastern Tehran, including the headquarters of the Islamic Revolutionary Guard Corps, Iran’s cyber warfare unit, the headquarters of the intelligence directorate and other key military and intelligence divisions. 

Iranian internet addresses associated with the hacking groups went dark on the same day, some within the same hour, according to an assessment from cyber intelligence firm GreyNoise Intelligence, which monitors the internet for malicious behavior. Network traffic originating in Iran observed by the cybersecurity company stopped at that time, including four Iranian IP addresses that went offline simultaneously.

The disruption correlated with the IDF’s strike on the compound that housed Iran’s cyber warfare unit, according to GreyNoise. 

“Iran represents a large portion of the state-aligned groups that security companies track,” said Mr Andrew Morris, the firm’s founder. “Some amount of that is just going to stop because the people who did it are dead.”

Based on when the traffic stopped, Mr Morris said the web devices “suddenly flatlining completely” suggests they were “destroyed or disrupted due to sudden loss in power or network connectivity.”

Since the US and Israel started launching military strikes on Iran on Feb 28, US national security officials and Western cyber firms have warned about potential retaliation from state-sponsored Iranian hacking groups.

However, known cyber-espionage groups that have operated on behalf of the government in Tehran have failed to play a meaningful public role in the new war, a relative silence that analysts say underscores the extent to which Iranian cyberattack capabilities have been degraded. 

Roughly 130 hacking groups were working on behalf of Iran around the time of the country’s 2025 military conflict with Israel, and that number has fallen to 17, according to Alexander Leslie, a threat analyst at the cybersecurity firm Recorded Future.

A small number of pro-Iranian groups have claimed to breach Israeli critical infrastructure firms, though those allegations have not been confirmed. Iranian groups frequently spread disinformation on social media intended to exaggerate their impact, Mr John Hultquist, chief analyst at Alphabet’s Google Threat Intelligence Group, previously told Bloomberg News.

Iran’s cyber forces are known to outsource some of their activity to allies and proxy groups, a tactic that means some hacking to support the government’s goals will likely continue, said Morris of GreyNoise. BLOOMBERG