Threat Brief: March 2026 Escalation of Cyber Risk Related to Iran

Unit 42 reports an escalation of trans-regional cyber activity following Feb 28, 2026 strikes, attributing a mix of state-aligned and hacktivist operations targeting Israeli, regional, and Western infrastructure; observed activity includes a malicious RedAlert APK phishing campaign delivering mobile surveillance and data-exfiltration malware, widespread DDoS, wiper and ransomware incidents, claims of SCADA and control-system compromises, and numerous group claims and IOCs, with mitigation and detection recommendations provided.