Get Started
What We Do
How We Do It
Resources
Company
Partners
Get Started
What we do
How we do it
Resources
Company
Partners
Get Started
What We Do
AI-DRIVEN SECURITY OPERATIONS
Atlas Security Operations Platform

Task-specific Atlas Agents investigate threats at machine speed with full transparency, expert validation, and explainable outcomes you can trust.

 Atlas Extended Detection and Response

Open XDR with Agentic AI & machine learning that eliminates noise, enables real-time detection and response, and automatically blocks threats.

 Atlas User Experience

See what our SOC sees, review investigations, and see how we are protecting your business. 

 Atlas Platform Integrations

Seamless integrations and threat investigation that adapts to your tools and evolves with your business.
EXPERT-VALIDATED DEFENSE
Security Operations Center (SOC)

24/7 SOC-as-a-Service with unlimited threat hunting and incident handling.

 Threat Response Unit (TRU)

Proactive threat intelligence, original threat research and a world-class team of seasoned industry veterans.

 Cyber Resilience Team

Extend your team capabilities and prevent business disruption with expertise from eSentire.

 Response and Remediation

We balance automated blocks with rapid human-led investigations to manage threats.
ESENTIRE SERVICES
Managed Detection and Response

Combine AI-driven security operations, multi-signal attack surface coverage and 24/7 Elite Threat Hunters to help you take your security program to the next level.
All-in-One eSentire MDR MDR for Microsoft
Digital Forensics and Incident Response

Get unlimited Incident Response with threat suppression guarantee - anytime, anywhere.
Continuous Threat Exposure Management (CTEM)

CTEM and advisory programs that identify security gaps and build proactive strategies to address them.
How We Do It
MDR Packages and 24/7 Protection
MDR Pricing and Packages

Flexible MDR pricing and packages that fit your unique security requirements.
Atlas Essentials

Entry level foundational MDR coverage
Atlas Advanced

Comprehensive Next Level eSentire MDR
Atlas Complete

Next Level eSentire MDR with Cyber Risk Advisors to continuously advance your security program
Explore MDR Packages → Build Your MDR Package →
24/7 Coverage
Endpoint
Network
Log
Cloud
Identity
INDUSTRIES
Insurance Construction Finance Legal Manufacturing Private Equity Healthcare Retail Food Supply Government and Education Automotive Dealerships
USE CASES
Ransomware

Stop ransomware before it spreads.

 Identity Response

Stop identity-based cyberattacks.

 Zero Day Attacks

Detect and respond to zero-day exploits.

 Cybersecurity Compliance

Meet regulatory compliance mandates.

 Third-Party Risk

Defend third-party and supply chain risk.

 Cloud Misconfiguration

End misconfigurations and policy violations.

 Cyber Risk

Adopt a risk-based security approach.

 Mid-Market Security

Mid-market security essentials to prioritize.

 Sensitive Data Security

Protect your most sensitive data.

 Cyber Insurance

Meet insurability requirements with MDR.

 Cyber Threat Intelligence

Operationalize cyber threat intelligence.

 Security Leadership

Build a proven security program.
Resources
Resources
Resource Library Video Library Case Studies Compare MDR Vendors TRU Intelligence Center Monthly Threat Intelligence Briefings Cybersecurity Tools Cybersecurity Glossary Real vs. Fake MDR Blogs Security Advisories
SECURITY ADVISORIES
Mar 02, 2026 Iran Conflict – Increased Likelihood of Cyberattacks

On February 28th, 2026, the United States and Israel conducted major attacks against Iran, dubbed Operation Epic Fury and Operation Roaring Lion. Attacks against Iran will likely result in…

Read More
Feb 25, 2026 CVE-2026-20127 - Cisco Catalyst Zero-Day Vulnerability

On February 25th, 2026, Cisco disclosed a critical zero-day vulnerability within the Cisco Catalyst SD-WAN Controller (formerly SD-WAN vSmart) and Cisco Catalyst SD-WAN Manager (formerly…

Read More
View Advisories
From The Blog
Feb 26, 2026 How Cybercriminals Customized Attacks for Five Industries in 2025
Read More
Feb 12, 2026 From Classroom to SOC: How eSentire Cultivates Cybersecurity Excellence
Read More
Feb 05, 2026 Tenant from Hell: Prometei's Unauthorized Stay in Your Windows Server
Read More
VIEW ARTICLES
Company
ABOUT ESENTIRE

eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.

About Us Leadership Careers Event Calendar Newsroom Aston Villa Football Club
EVENT CALENDAR
Mar
03
Chicago Cybersecurity Summit
Mar
05
Dallas Cybersecurity Summit
Mar
10
March TRU Intelligence Briefing
Mar
18
Aston Villa CISO Round Table
Mar
23
RSAC 2026 Conference
View Calendar
LATEST PRESS RELEASE
Feb 26, 2026 eSentire Supports Modern Security Skills Development with Award of Fifth Annual Sean Hennessy Bursary Read More
View Newsroom
OUR PARTNERSHIPS
Aston Villa Football Club

AVFC takes its cyber protection to the Next Level with eSentire as its official cybersecurity partner.

Learn More
Partners
PARTNER PROGRAM

Apply to become an e3 ecosystem partner with eSentire today.
APPLY NOW

Sign in to the Partner Portal to access exclusive resources, campaigns, training, sales tools, and support.
LOGIN NOW
Search

Search our site

Quick Links
ALL-IN-ONE ESENTIRE MDR

Multi-Signal MDR with 300+ technology integrations to support your existing investments.
24/7 SOC SUPPORT

24/7 SOC-as-a-Service with unlimited threat hunting and incident handling.
MDR PRICING AND PACKAGES

We offer three flexible MDR pricing packages that can be customized to your unique needs.
TRU INTELLIGENCE CENTER

The latest security advisories, blogs, reports, industry publications and webinars published by TRU.
MDR VENDOR COMPARISONS

Compare eSentire to other Managed Detection and Response vendors to see how we stack up against the competition.
MDR CASE STUDIES

See why 2000+ organizations globally have chosen eSentire for their MDR Solution.
Get Started
Get Started
Build A Quote
Become A Partner
Home Resources Security Advisories Iran Conflict – Increased Likelihood of Cyberattacks
Security advisories

Iran Conflict – Increased Likelihood of Cyberattacks

March 2, 2026

6 MINS READ

Share this article

THE THREAT

On February 28th, 2026, the United States and Israel conducted major attacks against Iran, dubbed Operation Epic Fury and Operation Roaring Lion. Attacks against Iran will likely result in increased cyber activity from pro-Iranian threat actors against Israel, the United States, and their allies.

Operation's Epic Fury and Roaring Lion involved targeting Iranian air defenses, military sites, and leadership. Following these military operations, Iran responded with kinetic strikes against Israel, and other US allies hosting American troops in the region. Cyber-attacks from pro-Iranian groups have also been identified, targeting organizations within Isreal and the United States, but details are limited.

Opportunistic threat actors may seek to take advantage of this conflict by either masquerading as Iranian actors, utilizing the conflict as a lure in their campaigns. Organizations that operate in the region, and those with connections to Israel or the United States must evaluate their threat model and consider implementing stricter security controls due to the heightened risks.

What we're doing about it

What you should do about it

Additional Information

Iranian state-sponsored threat actors are known to target critical infrastructure, energy (oil & gas), water & wastewater, in addition to various government and private sector organizations, such as telecommunications, financial, healthcare, and academic. These groups utilize a variety of initial access methods, which include, but are not limited to,exploiting vulnerabilities in Internet facing assets, social engineering, and bruteforce attacks. Iranian state-sponsored APT groups primarily conduct espionage and influence-motivated campaigns. Tools deployed in these campaigns include malware (Remote Access Trojans), Remote Monitoring and Management (RMM) tools, ransomware, and destructive wipers. At this time, it is unclear whether Iranian state-sponsored APTs remain capable of coordinating sophisticated response actions, due to the attacks against the country's infrastructure. Pending available capabilities, there is a high probability that these groups will target US and Israeli government, military, and supporting industries.

Following Operation Rising Lion, which involved the US and Israel targeting Iran in June 2025, an uptick in pro-Iran hacktivist activity was identified, which targeted organizations within Israel and the United States. In March 2026, the Islamic Cyber Resistance, an Iranian-linked hacktivist group, reportedly announced a recruitment campaign of "cyber experts and resources" for what was referred to as "the great epic battle". Flashpoint identified that the Handala Group had targeted Industrial Control Systems (ICS) within Israel, along with disrupting manufacturing and energy distribution in the country. Flashpoint also indicated that the Fatimiyoun Electronic Team was conducting attacks against "Western financial and energy firms" to deploy wiper malware. On February 28th, CrowdStrike warned that Iran-aligned groups were identified conducting reconnaissance and Distributed Denial-of-Service (DDoS) attacks. Based on historic trends, eSentire's Threat Intelligence team assesses with moderate confidence that pro-Iranian hacktivist groups will continue to target US-affiliated organizations in retaliatory cyber operations.

Iran has also made threats against ships traversing the Strait of Hormuz, which sees approximately 20% of the world's gas and oil shipped through it. There have been reports of attacks on oil tankers in the Strait of Hormuz over the weekend, however it is unclear who is responsible. Long term area denial of the Strait has the possibility of causing large impacts on the global economy.

Group Name(s) Industry Focus Reference
MuddyWater (Static Kitten, Mango Sandstorm) Telecommunications, Government, Defense, Energy https://malpedia.caad.fkie.fraunhofer.de/actor/muddywater
APT33 (Refined Kitten, Peach Sandstorm) Aviation, Energy, Defense https://malpedia.caad.fkie.fraunhofer.de/actor/apt33
APT34 (Helix Kitten, Hazel Sandstorm, OilRig) Telecommunications, Financial, Government, Energy, Chemical https://malpedia.caad.fkie.fraunhofer.de/actor/oilrig
APT35(Charming Kitten, Mint Sandstorm) Media, Government, Military, Academic https://malpedia.caad.fkie.fraunhofer.de/actor/apt35
APT39 (Remix Kitten) Academic, Travel, Telecommunications, Hospitality https://malpedia.caad.fkie.fraunhofer.de/actor/apt39
APT42 Academic, NGOs, Government https://malpedia.caad.fkie.fraunhofer.de/actor/apt42
Pioneer Kitten Government, Information Technology, Financial, Healthcare, Media https://www.cisa.gov/news-events/cybersecurity-advisories/aa20-259a
Silent Librarian Academic, Government https://malpedia.caad.fkie.fraunhofer.de/actor/silent_librarian
Islamic Cyber Resistance Government https://securityscorecard.com/wp-content/uploads/2025/08/From-The-Depths-of-the-Shadows_IRGC-and-Hacker-Collectives_AUG5.pdf
HandalaGroup (HandalaHack Team) Media https://www.international.gc.ca/transparency-transparence/rapid-response-mechanism-mecanisme-reponse-rapide/iran-hack-piratage-iranien.aspx?lang=eng
FatimiyounElectronic Team Government, Information Technology, Critical Infrastructure https://securityscorecard.com/wp-content/uploads/2025/08/From-The-Depths-of-the-Shadows_IRGC-and-Hacker-Collectives_AUG5.pdf

References:
[1] https://www.centcom.mil/MEDIA/PRESS-RELEASES/Press-Release-View/Article/4418396/us-forces-launch-operation-epic-fury/
[2] https://en.idi.org.il/articles/63607
[3] https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-241a
[4] https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-335a
[5] https://www.picussecurity.com/resource/blog/understanding-active-iranian-apt-groups
[6] https://www.reuters.com/world/middle-east/israel-takes-name-iran-operation-bible-verse-2025-06-13/
[7] https://socradar.io/blog/cyber-reflections-us-israel-iran-war/
[8] https://www.jpost.com/defense-and-tech/article-888468
[9] https://www.bankinfosecurity.com/western-cybersecurity-experts-brace-for-iranian-reprisal-a-30890
[10] https://www.washingtoninstitute.org/policy-analysis/profile-fatemiyoun-electronic-squad
[11] https://www.cybersecuritydive.com/news/iran-hackers-threat-level-us-allies/813494/
[12] https://www.businessinsider.com/fight-iran-spread-oil-tankers-vessels-strait-of-hormuz-2026-3

Back to Security Advisories

Speak With A Security Expert Now

TALK TO AN EXPERT

in this Advisory

View Most Recent Advisories
ARE YOU EXPERIENCING A SECURITY INCIDENT OR HAVE YOU BEEN BREACHED?
Call 1-866-579-2200
The Proven Choice for
Managed Detection and Response
GET STARTED PARTNER LOGIN
Sales and
Customer Support
NORTH AMERICA 1-866-579-2200 EMEA (0)8000-443242 ANZ/APAC 1-519-651-2200
What we do
How we do it
Industries
Use Cases
Resources
Tools
Company

2026 eSentire, Inc. All Rights Reserved.