Cloudflare says autocrats, wars and elections caged the internet in Q1

Iran went dark twice, AWS got droned, oh and TalkTalk broke something it refuses to talk about

The first quarter of 2026 saw a surge in severe and prolonged internet disruptions, from government shutdowns to power outages to the occasional mystery incident.

So says content delivery network biz Cloudflare in its latest summary of the global activity it oversees across the interwebs. This takes in the whole gamut from severe weather to cable damage to various technical issues.

One of the major incidents involved hostilities in the Middle East, where Iran authorities shut down the country's internet for 61 days (at the time of writing), following the assault by Israel and the US on February 28.

This wasn't the first government-enforced blackout of the year in Iran, that started at 20:00 local time (16:30 UTC) on January 8 in response to nationwide protests against the ruling regime that began 11 days earlier. Traffic remained near zero until January 21, when a small amount returned, only to disappear around 24 hours later. Another brief restoration followed on January 25, before normality resumed on January 27.

Cloudflare reports that an almost total loss of announced IPv6 address space started several hours before the cut-off actually hit on January 8, which was an indicator of what was to come. Some shifts in announced IPv4 address space were visible during the shutdown, but largely remained consistent during the shutdown period. Cloudflare says these observations suggest the shutdown was implemented by means of filtering.

In the war-related shutdown, the Cloudflare Radar service noticed a sharp drop in traffic from Iran around 10:30 local time (07:00 UTC). Traffic levels fell to less than 1 percent of normal.

However, IP address space continued to be announced this time, while a small amount of traffic that persisted suggests the shutdown was effectively achieved through aggressive filtering. Selected users continued to access approved internet sites via "whitelists" and "white SIM cards," Cloudflare says.

Elsewhere, internet outages coincided with elections in Africa. Ugandan authorities pulled the plug between January 13 and January 17 to cover the presidential election. It was similar for the Republic of Congo presidential election on March 15, where cutoff lasted for circa 60 hours.

Back to the conflict in the Middle East, Amazon Web Services saw its datacenter sites impacted by drone strikes. Service degraded after a facility in the United Arab Emirates was hit on the morning of March 1. The following day, AWS confirmed two of its facilities in the UAE (me-central-1 region) were "directly struck" by drones and that a campus in Bahrain (me-south-1 region) was offline after a nearby strike.

Ukraine also suffered loss of access in some areas, due to the ongoing Russia's invasion. Attacks on energy infrastructure January 7 and 8 caused power outages disrupting internet activity in Dnipropetrovsk and surrounding regions to below 50 percent of normal.

Later the same month in Kharkiv, a drone and missile attack - again targeting energy infrastructure - led to another 50 percent drop in traffic from the region on January 26, with recovery progressing the next day.

Then there were the mystery outages. In late March, customers of UK broadband provider TalkTalk reported widespread service disruptions. Cloudflare says traffic from the network dropped nearly 50 percent compared with the previous week starting around 07:00 local time, with service restored not long after, at about 08:15 local time.

TalkTalk acknowledged the issues on X but did not publicly disclose a root cause, according to Cloudflare. We asked TalkTalk for the root cause.

A spokesperson said: "We recorded a brief network outage on the morning of March 25. Full service was restored within approximately one hour."

Whatever it was, TalkTalk seems determined to keep it a secret, so perhaps it was an embarrassing gaffe by one of engineers. ®