Iran's military announced it will target "economic centers and banks tied to the US and Israel" following an Israeli strike on a bank in Tehran, shifting what appeared to be a conventional military conflict into critical infrastructure territory. The threat carries particular weight: an IRGC-affiliated news agency released a list of offices and infrastructure owned by US companies including Nvidia, Google, Microsoft, Oracle, IBM, and Palantir across Israel and the Middle East.
This is not merely rhetorical posturing. Several Amazon Web Services regional data centres in the Middle East have gone offline due to drone attacks, with Iran claiming deliberate targeting of these sites in the United Arab Emirates and Bahrain because they host US military workloads. The financial stakes are substantial. Data centres are expensive to build, and any damage could mean millions of dollars in repair costs, compounded by standard insurance policies often not covering damage through war, invasion, or military action.
For the technology sector, the timing creates acute vulnerability. Oracle, Nvidia and Cisco are all involved in OpenAI's AI campus in the UAE, dubbed Stargate, which will span 10 square miles with a 5-gigawatt capacity. Microsoft said it would invest $15 billion into the UAE by 2029. These are not modest regional ventures but foundational infrastructure for the next generation of AI deployment across the Gulf.
Cybersecurity experts flag a less visible but equally serious concern: the fragmentation of Iranian command structures. Iran's available internet connectivity dropped to between 1-4 percent on February 28, with analysis suggesting significant degradation of Iranian leadership structures will hinder the ability of state-aligned threat actors to coordinate sophisticated cyberattacks in the near-term. However, this apparent constraint actually creates a different problem. The Iranian leadership vacuum is likely to lead to more unpredictable, decentralised proxy attacks, with aligned hacktivists and proxy groups making targeting decisions without approval from central authorities.
The history here matters. Between late 2011 and mid-2013, hackers working for the Iranian government launched massive DDoS attacks against 46 major financial institutions including Bank of America and the New York Stock Exchange, overwhelming bank servers with up to 140 gigabits of garbage data per second and disabling customer access for hundreds of thousands of users. Iranian cyber operations have evolved since then. Tehran's cyber operations have ranged from disabling US financial websites between 2011 and 2013, to erasing data from the Las Vegas Sands Casino in 2014, to defacing websites after events like the death of Iranian military commander Qasem Soleimani.
US intelligence agencies have already mobilised. The US intelligence community issued private warnings to American companies and government agencies urging vigilance and hardening of possible targets of cyber attack by the Iranian regime. In a bulletin to private companies, US security officials warned that ongoing claims for cyber attacks targeting US entities by Iranian-aligned groups could lead to increased malicious activity against the financial services sector, noting that historically the US financial sector has been viewed as a priority target by Iranian-aligned cyber actors.
What distinguishes this moment from previous cycles of Iranian retaliation is the explicit weaponisation of commercial digital infrastructure. Data centres may now be considered legitimate targets for attack in modern armed conflicts, which will significantly change how companies think about data centre security going forward. Australian organisations using cloud services from the named companies should review their service agreements, backup protocols, and geographic redundancy. Those with sensitive operations dependent on Middle Eastern data centre facilities should assess contingency plans immediately. The threat is no longer theoretical.