Coordinated cyber-attacks formed an integral part of the lead-up to and the opening phase of the 2026 Iran war, operating in tandem with airstrikes and information operations to disrupt command and control systems, interfere with communications, manipulate information flows and exert psychological pressure. Within days of initial strikes, Iranian and hacktivist campaigns began to spill over into international networks.

This conflict has involved coordinated cyber and electronic warfare activities including:

• disruption of mobile and fixed communications systems, including internet and network access;

• interference with GPS and maritime navigation signals in the Gulf;

• cyber intrusions targeting government services and state media outlets; and

• large scale information gathering operations, including compromising apps and broadcasting channels to broadcast political messaging.

This blending of cyber, electronic and information warfare by involved nations demonstrates that such cyber activity is no longer confined to espionage or post conflict retaliation. It is now deployed deliberately as a force multiplying tool during active hostilities.

Near total internet blackouts across Iran occurring early in the conflict appear to have initially limited Iran’s ability to coordinate state directed cyber operations from within the country, however, did not eliminate cyber risk. Instead, risk shifted activity outward. Iranian aligned hacktivist groups operating from outside Iran commenced social media campaigns and escalated cyber attacks such as website defacements and phishing campaigns, claiming actions against foreign commercial and infrastructure targets.

This dynamic reinforces that cyber disruption does not remain contained within national borders. Even cyber measures designed to suppress an adversary domestically can amplify spillover risk internationally as proxy actors, political interest blocs and loosely aligned groups move to fill the gap.

The cyber dimension of the conflict rapidly spilled into civilian systems. In March 2026, the Handala group, believed to be affiliated with Iran's Ministry of Intelligence and Cyber Security for some years, hacked Stryker, a major US supplier of medical and surgical equipment, using destructive “wiper” malware.  

Although such cyberattacks connected to the conflict have primarily targeted entities in the Middle East and US, organisations globally, particularly governments, financial institutions and critical service providers have been on alert for an increase in cybercrime. This reflects the prevalence of conflict related cyberattacks in recent years. Cybercrime has been associated with the Russo-Ukrainian war, the Australian government has accused China backed groups of cyber espionage in respect of government and private networks, the Volt Typhoon and Salt Typhoon campaigns have included attacks on telecommunications networks, and cybercrime is considered a key part of North Korea's revenue raising activities. 

If an Australian government body or private organisation suffers unauthorised access, data loss or system compromise, obligations likely apply under applicable privacy legislation and authorities (such as reporting obligations pursuant to the Notifiable Data Breach scheme within the Privacy Act 1988 (Cth), for example), regardless of whether the incident was a result of a conflict related cyber campaign. The motivations of the attacker, geopolitical or otherwise, do not mitigate potential compliance requirements.

Australian government bodies or organisations holding government information may have additional regulatory obligations in relation to confidential government information or state secrets.

As this elevated threat environment has been publicly documented, regulators such as the Office of the Information Commissioner may reasonably expect organisations to have taken proportionate preventative steps. Failure to adjust controls, patch exposed systems or monitor infrastructure during a known period of heightened risk may subsequently attract additional regulatory scrutiny following a cybersecurity incident.

Cyber risk is now demonstrably intertwined with global political instability. Geopolitically conscious threat actors and rogue states are targeting global businesses and privately held corporations. For boards and senior executives, this raises questions about:

• whether cyber risk registers adequately account for geopolitical escalation;

• the resilience of cloud, identity and endpoint management dependencies; and

• the organisation’s preparedness for cybersecurity or IT infrastructure incidents.

Where cyber operations are widely reported and foreseeable during international crises, inaction may also be difficult to justify from a director’s duty of care perspective.

The 2026 Iran war and related conflicts in the Middle East illustrates that cyber warfare is now a central and expected feature of modern conflict. It is integrated, strategic and outward facing, with the potential to reach civilian infrastructure, businesses, private organisations and governments across the world.

Key takeaways for Australian organisations:

• Cyber risk follows geopolitics: the lesson is not to predict the next conflict, but to recognise that cyber risk can follow geopolitical tensions and rogue states.

• Legal obligations continue to apply: legal requirements, regulatory expectations and governance standards apply with equal force, and in some cases with heightened intensity, during periods of international instability.

• Cyber preparedness is not just an IT issue: cyber attacks are a core risk and legal governance issue for businesses and organisations.

If you have any questions or concerns about your organisation’s cybersecurity and operations or would like support reviewing your privacy policies and risk management, please contact our Technology & Data team.