UNK_NightOwl OWA credential phishing site | Image: Proofpoint
In the wake of the February 2026 military strikes known as Operation Epic Fury, a new front has opened in the digital domain. A recent analysis by Proofpoint reveals a significant surge in cyber operations as state-aligned threat actors pivot their strategies to exploit the ongoing conflict for intelligence collection.
Despite significant infrastructure challenges—including a government-mandated internet shutdown following the initial strikes—major threat actors have remained operational. Notably, the Iran-aligned group TA453 (also known as Charming Kitten or APT42) has continued to pursue its objectives.
On March 8, researchers observed the group targeting a U.S. think tank with a credential phishing attempt. Interestingly, this was not a new operation birthed by the war; the initial correspondence began before the conflict even started. According to Proofpoint: “This likely reflects an effort to gather regional intelligence on the standing, trajectory, and broader geopolitical implications of the conflict”.
The war is serving as both a powerful lure for social engineering and a primary driver for what hackers want to steal. Analysts have observed a marked increase in campaigns targeting Middle Eastern government and diplomatic entities.
One observed tactic involved a multi-stage lure designed to bypass initial suspicion:
- The Hook: An exchange of benign emails to establish rapport.
- The Payload: A malicious URL disguised as a link to a PDF titled “Air Defense Depletion & Deterrence in the Middle East-Event Overview.pdf”.
- The Deception: A redirect to a OneDrive-themed credential phishing page, pre-filled with the target’s email to increase perceived legitimacy.
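For defenders, two traits of this lure can be checked at the mail gateway or during triage: a link labelled as a document whose URL does not serve that file type, and a URL that carries the recipient's own address. The sketch below is an added example, not Proofpoint's detection logic; it assumes the pre-filled email travels in the URL query or fragment (the report does not say how it is passed), and all function names, domains and addresses are hypothetical, constructed samples.

```python
import base64
import re
from urllib.parse import parse_qsl, unquote, urlsplit

DOC_EXT = re.compile(r"\.(pdf|docx?|xlsx?)$", re.I)

def decodings(value):
    """Yield the raw value and, when it decodes cleanly, its base64 plaintext."""
    yield value
    try:
        padded = value + "=" * (-len(value) % 4)
        text = base64.urlsafe_b64decode(padded).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return
    yield text

def link_findings(display_text, href, recipient):
    """Return triage findings for one link taken from an inbound message."""
    findings = []
    parts = urlsplit(href)
    # The label names a document, but the URL path does not end in that type.
    ext = DOC_EXT.search(display_text.strip())
    if ext and not parts.path.lower().endswith(ext.group(0).lower()):
        findings.append("document_label_mismatch")
    # The recipient's address appears in the query or fragment, in plain
    # text or base64 (assumed carriers for the pre-filled login field).
    values = [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    values += [v for _, v in parse_qsl(parts.fragment)]
    values.append(unquote(parts.fragment))
    needle = recipient.lower()
    if any(needle in d.lower() for v in values for d in decodings(v)):
        findings.append("recipient_in_url")
    return findings

# Constructed samples: (link text, href); RCPT is the message recipient.
RCPT = "analyst@thinktank.example"
TOKEN = base64.urlsafe_b64encode(RCPT.encode()).decode().rstrip("=")
SAMPLES = [
    ("Air Defense Depletion & Deterrence in the Middle East-Event Overview.pdf",
     "https://files.example.net/view?doc=overview&e=" + TOKEN),
    ("q1.pdf", "https://docs.example.org/reports/q1.pdf"),
    ("Sign in", "https://login.example.net/#analyst%40thinktank.example"),
]

if __name__ == "__main__":
    for label, href in SAMPLES:
        print(link_findings(label, href, RCPT), href)
```

Legitimate newsletters and unsubscribe links also embed the recipient address, so `recipient_in_url` is a triage signal to combine with the label mismatch and sender context rather than a verdict on its own.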
This shift in behavior suggests that regional instability is being used as “both a topical social engineering pretext and a driver of collection priorities for a range of state-aligned threat actors”.
For security professionals and government agencies, the message is clear: regional conflicts do not just increase the volume of attacks—they fundamentally change the nature of the intelligence being sought. Surveillance and espionage are now being tailored to understand the “broader geopolitical implications” of a world in flux.