Hackers believed to be connected to Russia and supporting Iran have started taking part in cyberattacks linked to the US-Israeli conflict with Iran.
Analysts are unsure how serious this is; some see it as a real threat, while others view it as mostly online activity with little impact.
The development follows reports that Moscow is supplying Tehran with intelligence to target American forces in the region.
Groups like NoName057(16) and Z-Pentest have claimed responsibility for attacks on Israeli defense contractors and US-based organizations since the conflict began on February 28.
NoName057(16), a well-known pro-Russia collective, says it launched massive distributed denial-of-service (DDoS) attacks against Israeli defense companies. The group also claimed to have gained full access to human-machine interfaces controlling Israeli water management systems.
Kathryn Raines, cyber threat intelligence team lead at cybersecurity firm Flashpoint, confirmed the claims but noted her company has not verified them. DDoS attacks work by flooding websites with artificial traffic until legitimate users cannot access them.
Z-Pentest, another Russia-aligned hacktivist group, claimed responsibility for compromising several US-based entities in the conflict’s first days. Adam Meyers, head of counter adversary operations at CrowdStrike, said his company has observed a surge in pro-Iran hacktivists with Russian ties.
READ ALSO: Nearby Galaxies Hint at a Slower Expanding Universe and Surprising Dark Matter Clues
CrowdStrike has not verified these claims either. Meyers warned that Western organizations should remain on high alert as activity could move beyond hacktivism into destructive operations.
Russia has long received US intelligence and equipment supporting Ukraine’s defense. Now, Moscow may see an opportunity to retaliate by aiding Iran as American forces strike Iranian targets.
Cynthia Kaiser, a former FBI Cyber Division deputy director, said Russia appears comfortable providing proxy support to Iran or at least exploiting the unstable situation. She warned that while these groups often exaggerate their impact, they have caused real physical damage to critical infrastructure in the past.
Justin Sherman, founder of Global Cyber Strategies, explained that Russia’s cyber ecosystem includes state elements, cybercriminals, and patriotic hackers encouraged by propaganda. This complexity allows the Kremlin to choose different actors based on its needs.
WATCH ALSO: EHang’s next-gen autonomous eVTOL completes first public flight
The Russian government recently launched a massive global campaign targeting Signal and WhatsApp accounts of officials and military personnel, according to Dutch intelligence.
Some analysts doubt Russian state hackers are directly supporting Iran. Alex Orleans, a former National Security Council contractor, noted that sharing intelligence for kinetic strikes differs greatly from Russian cyber actors joining the conflict. He has never seen Russian advanced persistent threat groups insert themselves into conflicts to support third parties.
John Fokker, vice president of threat intelligence at Trellix, said there is currently no clear indication that hacktivist activity is directed by Russia or Iran. Verification remains difficult, though countries often provide various forms of aid during geopolitical conflicts.
Dave DeWalt, CEO of NightDragon, said Iran’s cyber capabilities have likely diminished in recent days. His firm has observed almost no Iranian cyber activity globally, suggesting most operations may have been physically dismantled.
READ ALSO: The Secret War Tool Hiding on Your Street: Security Cameras
Israel claimed last week it destroyed Iran’s cyberwarfare headquarters, though the full effect remains unclear. DeWalt described the silence from Iranian actors as unlike anything he has seen in 20 years.
The involvement of Russia-linked groups adds complexity to an already crowded information environment surrounding the conflict. Attribution remains difficult, and exaggerated claims complicate threat assessment.
Analysts agree that even unverified claims deserve attention. These groups have demonstrated the ability to damage critical infrastructure in the past, and the current situation could escalate beyond website disruptions into something more destructive.
