US‑Israel‑Iran conflict may trigger unprecedented cyberattacks

Stakes are high; “repercussions can be widespread disruption of critical economic infrastructure, financial systems and logistics,” warns a Dubai-based cybersecurity analyst

  • PUBLISHED: Sun 1 Mar 2026, 5:30 AM UPDATED: Sun 1 Mar 2026, 6:04 PM


Geopolitical conflicts in the past two decades have normalised the use of cyber warfare, where digital strikes are integrated into broader military strategies.

With the escalating US‑Israel‑Iran conflict, cyber operations are also expected to take a central role, inflicting damage on governments, corporations and civilians across borders.

There might not be apparent physical destruction, but stakes are high, and repercussions can be “unprecedented and widespread disruption of critical economic infrastructure, financial systems, and logistics,” warned Rayad Kamal Ayub, cybersecurity expert and managing director of Dubai-based Rayad Group.


Ayub listed cyberattacks from the past 20 years:

Estonia, 2007 — Following a political dispute with Russia, Estonia endured weeks of distributed denial‑of‑service (DDoS) attacks and website defacement that disrupted banking, government and media services and prompted NATO to create a cooperative cyber defence centre.

Georgia, 2008 — In the Russo‑Georgian war, DDoS and website defacements preceded and accompanied kinetic operations, degrading official communications and public trust.

Stuxnet, 2010 — Uncovered on June 17, 2010, the Stuxnet worm sabotaged centrifuges at Iran’s Natanz facility. Believed to have been created by US and Israeli intelligence agencies, the malware was aimed at the physical destruction of industrial systems.

Ukraine, 2015–2017 and 2022–2024 — Cyberattacks on Ukrainian power grids in 2015 and 2016 used spear‑phishing and ICS (industrial control systems) exploits to cause power outages. The 2017 NotPetya campaign, launched via compromised tax software, spread globally and inflicted more than $10 billion in damages on firms, including Maersk and Merck. During the 2022 invasion, wipers, satellite intrusions and sustained DDoS and phishing campaigns became routine elements of the conflict.

Regionally targeted campaigns

Shamoon (malware) and retaliation cycles — The 2012 Shamoon attack against Saudi Aramco wiped tens of thousands of workstations and signalled the rise of destructive regional cyber operations. Subsequent attacks on ports, railways, fuel distribution and water systems have repeatedly shown cyber operations’ capacity to produce civilian harm and economic disruption.

January–February 2026 — Escalation tied to the Iran war. Intelligence and private monitors reported large‑scale scanning, credential harvesting and phishing against defence contractors, energy firms and GCC government networks in mid‑January. Between January 20 and 26 this year, attacks inside Iran disrupted ports and power substations. Retaliatory and wider regional campaigns followed.

Selected impacts in the Gulf region

  • Ports: On January 20, Bandar Abbas and Chabahar port systems were disrupted, halting container management and delaying oil exports; estimated losses ran into tens of millions per day. 

  • Power: On January 22, attacks on Iranian substations caused rolling blackouts in Tehran, Isfahan and Shiraz and forced industrial and medical facilities onto emergency power. 

  • Energy: On January 24, a Shamoon variant (Shamoon 4.0) struck Saudi energy infrastructure, initially compromising some 15,000 workstations; rapid isolation and backups limited permanent loss, and Aramco reports production near pre‑attack levels. 

  • Finance: Some banks experienced sustained, multi‑day DDoS campaigns peaking at roughly 1.2 Tbps that intermittently degraded online banking and ATM services but, officials say, did not result in large‑scale data theft. 

  • Telecommunications: Qatar and Kuwait reported mobile, ISP and DNS disruptions and intermittent 5G degradation that hampered commerce and emergency communications. 

  • Logistics: Bahrain’s Khalifa Bin Salman Port suffered operations‑management outages that disrupted container flows and created regional supply‑chain backlogs.

Adopt zero‑trust architectures

Ayub, who recently spoke at Token2049 Singapore and at Consensus Hong Kong in February, warned future cyberattacks would be “qualitatively different from earlier waves.”

“This offensive is the most sophisticated and coordinated attack on Gulf critical infrastructure we’ve ever witnessed,” he said, adding that attackers are “simultaneously targeting energy, finance, telecommunications and logistics to generate cascading failures.”

Ayub urged firms to adopt zero‑trust architectures, micro‑segmentation and immutable offline backups, underscoring, “Companies that invested in these controls will weather the storm. Those who delayed security investments will pay a devastating price.”

“The Iran conflict of 2026 underlines that modern warfare includes sustained campaigns in cyberspace with direct consequences for companies and civilians,” Ayub told Khaleej Times, underlining: “Corporate resilience now hinges on treating cybersecurity as a strategic, business‑continuity imperative rather than an IT afterthought.”