Seqrite Uncovers Alarming Findings Amidst Middle East Conflict and Cyber Escalation, Warns Enterprises of Collateral Threat Spillover

War has always had a shadow war. In 2026, that shadow has become a full-scale battlefield. The coordinated US and Israeli military strikes against Iran on February 28, 2026 set off not only missile exchanges and drone attacks across the Gulf but an immediate escalation in the digital domain, one that is still unfolding, still widening, and actively threatening enterprises, governments and critical infrastructure far beyond the conflict's geographic borders. In light of this, Seqrite, the enterprise security arm of Quick Heal Technologies Limited, a global provider of cybersecurity solutions, has released a comprehensive threat advisory on the Iran-US-Israel cyber escalation.

Codenamed Operation Epic Fury and Roaring Lion, the February 28 strikes were followed within hours by Iran's internet collapsing to 1-4% of normal capacity. Its cyber apparatus nevertheless kept operating through pre-planted backdoors, overseas infrastructure and state-directed APT groups, and its response has remained effective despite the domestic blackout. Seedworm/MuddyWater (MOIS-linked) was already inside US and Israeli networks before the strikes, deploying Dindoor (a Deno-based backdoor) and Fakeset (a Python implant), both signed with stolen code-signing certificates, against banks, airports and NGOs.

At the same time, TA453/APT42 (IRGC-linked) ran credential-phishing campaigns against US think tanks using OneDrive lures. OilRig/APT34 spoofed Iraqi government emails to deliver ClickFix attacks. Marshtreader/Agrius expanded its scanning of internet-exposed cameras across Gulf states, exploiting Hikvision flaws to obtain real-time strike damage assessment. The most audacious operation came from Handala/Void Manticore (a MOIS persona), which remotely wiped more than 200,000 devices at Stryker Corporation, a $25B US medical device maker holding $450M in DoD contracts. No malware was needed: the attackers used legitimate Microsoft Intune remote-wipe functionality through a compromised Global Administrator account, replaced login screens with their logo, and disrupted manufacturing worldwide.
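The Stryker incident is a reminder that an MDM tenant's own audit trail is the primary evidence source when a management plane is turned against its fleet. As an added example (this is not Seqrite's code and not from the advisory), the Python below shows one detection a defender could run over an MDM audit export: rather than asking whether wipes occurred, it asks how fast a single identity issued them, using a sliding window so a burst stands out against routine device offboarding. The record shape and the activity strings are assumptions loosely modelled on Microsoft Intune audit events as exposed through Microsoft Graph (deviceManagement/auditEvents); the sample records are constructed, and the field names should be mapped to whatever a real tenant export contains.

```python
"""Flag burst remote-wipe activity in MDM audit events.

Added example for this advisory; not Seqrite's code and not a Microsoft API.
The event dictionaries loosely mirror Microsoft Intune audit events exported
from Microsoft Graph (deviceManagement/auditEvents), but the field names and
activity strings used here are ASSUMPTIONS for illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Activity labels treated as destructive (assumed strings, adjust to the tenant).
WIPE_ACTIVITIES = {"wipe ManagedDevice", "retire ManagedDevice"}


def _event(ts, activity, actor, device):
    """Build one constructed audit record (sample-data helper only)."""
    return {
        "activityDateTime": ts,
        "activityType": activity,
        "actor": {"userPrincipalName": actor},
        "resources": [{"displayName": device}],
    }


# Constructed sample: a helpdesk account wipes two lost laptops hours apart
# (normal), while a global-admin account issues six wipes in under three minutes.
SAMPLE_EVENTS = [
    _event("2026-03-01T02:00:00Z", "wipe ManagedDevice", "helpdesk@example.com", "LAPTOP-0412"),
    _event("2026-03-01T03:00:00Z", "patch DeviceConfiguration", "globaladmin@example.com", "Baseline-Win11"),
    _event("2026-03-01T05:00:00Z", "wipe ManagedDevice", "helpdesk@example.com", "LAPTOP-0877"),
]
_BURST_START = datetime(2026, 3, 1, 2, 30, tzinfo=timezone.utc)
SAMPLE_EVENTS += [
    _event((_BURST_START + timedelta(seconds=30 * i)).strftime("%Y-%m-%dT%H:%M:%SZ"),
           "wipe ManagedDevice", "globaladmin@example.com", f"PLANT-WS-{i:03d}")
    for i in range(6)
]


def _parse_ts(value):
    """Parse an ISO-8601 UTC timestamp such as 2026-03-01T02:30:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def _actor_of(event):
    """Prefer the user principal; fall back to an app identity (service principal)."""
    actor = event.get("actor") or {}
    return actor.get("userPrincipalName") or actor.get("applicationDisplayName") or "unknown"


def detect_mass_wipe(events, threshold=5, window=timedelta(minutes=10)):
    """Return {actor: {"count", "window_start", "window_end", "devices"}} for each
    actor whose densest run of wipe/retire actions reaches `threshold` inside `window`.

    A per-day total would bury a burst in a busy tenant; the sliding window keys
    on velocity, which is what separates a mass wipe from normal offboarding.
    """
    per_actor = defaultdict(list)
    for ev in events:
        if ev.get("activityType") not in WIPE_ACTIVITIES:
            continue
        devices = [r.get("displayName", "?") for r in ev.get("resources", [])]
        per_actor[_actor_of(ev)].append((_parse_ts(ev["activityDateTime"]), devices))

    alerts = {}
    for actor, actions in per_actor.items():
        actions.sort(key=lambda a: a[0])
        run = deque()
        best = None
        for ts, devices in actions:
            run.append((ts, devices))
            while ts - run[0][0] > window:      # drop actions older than the window
                run.popleft()
            if best is None or len(run) > best["count"]:
                best = {
                    "count": len(run),
                    "window_start": run[0][0],
                    "window_end": ts,
                    "devices": [d for _, devs in run for d in devs],
                }
        if best["count"] >= threshold:
            alerts[actor] = best
    return alerts


if __name__ == "__main__":
    for actor, hit in detect_mass_wipe(SAMPLE_EVENTS).items():
        print(f"ALERT {actor}: {hit['count']} wipes between "
              f"{hit['window_start']:%H:%M:%S} and {hit['window_end']:%H:%M:%S} UTC: "
              f"{', '.join(hit['devices'])}")
```

The threshold and window should be tuned to the tenant's real offboarding cadence, and an alert on a Global Administrator issuing device wipes at all is worth a separate, stricter rule, since that role has no day-to-day reason to perform them.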

The Chinese actor Mustang Panda opportunistically pivoted to Iran-themed lures, delivering the LOTUSLITE backdoor via KuGou music binaries. Dust Specter targeted Iraqi officials with .NET malware containing AI-generated code artifacts. TeamPCP, a criminal actor, compromised the Trivy vulnerability scanner in a supply-chain attack and then deployed the CanisterWorm Kubernetes wiper selectively against Iranian clusters. More than 50 hacktivist groups coordinated through Telegram's Electronic Operations Room, claiming DDoS attacks against Gulf airports, banks and Israeli infrastructure, though most of this activity remains low-impact noise alongside the sophisticated state operations.

The findings are drawn from continuous monitoring and threat intelligence conducted by researchers at Seqrite Labs, India's largest malware analysis facility, and are corroborated by the intelligence documented in Seqrite's India Cyber Threat Report 2026. That report had already forecast an era of "cognitive intrusions", in which adversaries use AI to automate reconnaissance, deception and persistence, and in which geopolitical flashpoints become the ignition switch for hybrid digital warfare. It documented in detail how similar hybrid campaigns such as Operation Sindoor blended hacktivism and espionage, with Trojans and infectors comprising 70% of attacks and behaviour-based engines blocking 34 million advanced threats.

Furthermore, Seqrite's Cybersecurity Maturity Survey of 180+ organisations scored India at 6.3/10, with gaps in incident response (27.6% of respondents lacking defined processes) and data governance amplifying exposure to conflict-driven spillover. For Indian enterprises with Gulf exposure, defence ties or cloud-heavy footprints, the risk of collateral targeting is therefore acute. The Digital Personal Data Protection (DPDP) Act, 2023 further heightens accountability, mandating safeguards and breach notification for PII compromised in such operations, with penalties of up to ₹250 crore.

Amidst such global volatility, Seqrite positions its DPDP-compliant portfolio as the protective shield enterprises need. Seqrite Endpoint Security blocks loaders such as Dindoor and PowerShell abuse. Seqrite Data Privacy classifies and protects common exfiltration targets such as documents and credentials. Seqrite Threat Intelligence tracks APT infrastructure from MEGA buckets to Telegram C2. Digital Risk Protection Service monitors external exposures, while Ransomware Recovery as a Service (RRaaS) ensures continuity. All Seqrite products are aligned with DPDP Act provisions, delivering the AI-powered resilience needed against geopolitical cyber storms.
