For decades, cyber operations remained the realm of shadows. Governments hacked quietly; officials denied involvement; the public barely noticed. But the February 2026 war with Iran has shattered that convention. This is the first military conflict where cyber operations have been explicitly acknowledged and weaponised from the opening moment.
Unlike previous military conflicts, the cyber domain has been front and centre since the Trump administration invaded Iran, upending the traditionally quiet role played by hackers in military conflicts. The shift carries profound implications not just for how America wages war, but for how prepared the nation is to absorb retaliation.
The cyber arsenal goes public
The opening salvo on 28 February revealed a coordinated cyber-kinetic strategy.The BadeSaba prayer app hack, linked to Israel, demonstrated the country's integration of cyber and influence operations to inflame anti-regime sentiment, timed to sow confusion at the start of the air campaign, while cyberattacks on Iranian state-run sites like news agency IRNA, which saw anti-regime messages posted across its front page, demonstrated coordinated cyber intrusions as the United States and Israel launched airstrikes.
This coordination marks a decisive break with past practice.Governments are increasingly preparing the battlefield for major military operations in the air or on the ground with offensive cyber operations targeting civilian and military infrastructure. The Trump administration has not hidden this strategy; it has advertised it, signalling to allies and adversaries alike that cyber is now a distinct domain of warfare, as visible as the missiles themselves.
Iran's scattered response
Iran's cyber retaliation has unfolded unevenly.Iranian hackers have launched spying expeditions, digital probes, and distributed denial of service (DDoS) attacks in the wake of the US and Israel launching missile strikes, with most cyber activity so far targeting Israel and Persian Gulf countries, though threat intel analysts say digital attacks against American organisations are inevitable.
Yet Iran's ability to co-ordinate sophisticated attacks has been compromised by its own digital collapse.Beginning the morning of 28 February, Iran's available internet connectivity dropped to between 1-4%, and the loss of connectivity and significant degradation of Iranian leadership and command structures will likely hinder the ability of state-aligned threat actors to coordinate and execute sophisticated cyberattacks in the near-term.
This internet blackout has created a paradoxical problem for Iranian cyber operations. While the regime has lost the ability to orchestrate large-scale state-sponsored attacks, it has opened space for other actors.As many as 60 hacktivist groups aligned with Iran or Russia have become active as of March 2, 2026, with multiple Iranian state-aligned personas and collectives claiming responsibility for disruptive operations associated with an "Electronic Operations Room" formed on 28 February.
The credibility gap
Security researchers have consistently warned that many Iranian hacking claims should be treated with scepticism.While experts expect Iran to target the US, Israel, and Gulf Cooperation Council countries with disruptive cyberattacks focusing on critical infrastructure, Iran "has historically had mixed results with disruptive cyberattacks, and they frequently fabricate and exaggerate their effects in an effort to boost their psychological impact."Some cybersecurity firms have observed a drop in malicious cyber activity originating from Iran since the start of the war, with one CEO hypothesising that the reduction is likely because "operators are sheltering" during the military strikes.
America's vulnerability at home
The real danger lies in what Iran can accomplish despite propaganda and operational constraints.Iran is expected to target the US, Israel, and Gulf countries using disruptive cyberattacks with attacks resembling Iran's cyber operations during the Israel-Hamas war, including intel-gathering, limited disruption, and mass phishing campaigns, followed by data-wiping malware and other disruptive attacks.
Specific sectors face elevated risk.Organisations with direct connections to the US military, such as defence contractors and government suppliers, as well as those with ties to Israel, should be on heightened alert, and companies using Israeli-made operational technology or industrial equipment could become indirect targets.
The timing of these threats coincides with reduced federal cyber defence capacity.The Cybersecurity and Infrastructure Security Agency has been operating with sharply reduced staffing due to a funding lapse for its parent agency, the Department of Homeland Security. This convergence of elevated threat and diminished federal readiness creates a vulnerability window that Iranian cyber actors understand.
A reckoning on strategy
The public integration of cyber into kinetic warfare reflects confidence in American and Israeli capability. Yetsome experts warn that overemphasis on offensive operations leaves the United States more vulnerable if equal investment is not made in defending critical infrastructure that will be targeted by adversary cyber operations.
Australia and the broader Indo-Pacific region should monitor this conflict closely. Cyber operations in the Middle East set precedent for how great powers will integrate digital warfare into regional conflicts. If Iran successfully stages disruptive attacks against US or allied infrastructure, the calculus for future military operations elsewhere will shift. If the attacks largely fail, the bar for acknowledging and escalating cyber operations in other regions may lower.
For now, the cyber war runs parallel to the kinetic one. Its true measure will emerge not from headlines but from infrastructure vulnerabilities exploited and capabilities deployed. The days of silence around cyber operations may be over, but the damage they inflict remains difficult to measure in real time.