The conflict in the Middle East has become a catalyst for cyber attacks, cybersecurity companies told Izvestia. The number of attacks worldwide in the first quarter of 2026 increased by 168% compared to the same period in 2025. In Russia, the number of DDoS attacks increased by 82%. The main targets of the attackers were financial organizations, retail and the telecom sector. In the second quarter, experts expect attackers to become more active and attacks on companies to increase. Read the Izvestia article to find out which other sectors were attacked most often and how the situation will develop.

How countries were attacked

In the first quarter of 2026, amid the worsening geopolitical situation, an increase in cyber attacks was recorded worldwide: their number rose by 168%, StormWall told Izvestia. In particular, attacker activity was driven by the conflict in the Middle East, which began in late February. The fighting affected, among others, the United Arab Emirates, Saudi Arabia, Bahrain, Qatar and Kuwait.

After the start of the joint operation by the United States and Israel, pro-Iranian hacktivist groups sharply increased DDoS attacks, the company said. At first, massive attacks were launched against Israeli government organizations and telecom companies. The attackers then targeted Bahrain, Qatar, Kuwait and the United Arab Emirates, as these countries cooperate with the United States.

From March 1 to March 20, 2026, the number of DDoS attacks in the Middle East increased eightfold compared to the same period in February. Israel was the most affected, with 36% of the total number of attacks in the Middle East, followed by the UAE with 21% and Bahrain with 14%.

The top 10 most attacked countries in the world in the first quarter included: USA (12.8%), China (11.4%), India (9.2%), Israel (8.7%), Russia (8.2%), Great Britain (7.4%), UAE (7.1%), Saudi Arabia (6.8%), Germany (6.2%) and Singapore (5.4%).

The war in the Middle East primarily affected the cyber landscape of the region's countries, but its consequences turned out to be broader due to the cross-border nature of digital infrastructure, said Denis Chigin, director of the Softline Solutions Technology Expertise Department.

"There are several main reasons for the expansion of the attack surface," he noted. "The conflict provoked a massive transfer of employees to a remote format, which led to a drastic expansion of the attack surface through the use of unsecured home networks, routers and personal devices as new perimeters of corporate infrastructure."

In addition, physical attacks on critical infrastructure (data centers, power facilities, ports) have forced businesses to urgently look for alternative routes and suppliers. This, according to the expert, has created unprecedented opportunities for cyber attacks on supply chains.

"There has also been an accelerated increase in the number of attacks using AI, phishing, and malware, which are used both by hacktivists and for cyber espionage and psychological operations," Denis Chigin added.

The main targets are the energy, oil and gas, finance and telecom sectors, he noted. Among the most common methods are hacking followed by data leakage, DDoS attacks, vulnerability exploration, supply chain compromise through phishing, exploitation of cloud services, and theft of schemas, contracts, and risk reports.

Political events often trigger an increase in attacks, confirmed Roman Malyshkin, an analyst at the Spikatel Cyber Threat Monitoring center. According to him, states often use this as an instrument of asymmetric response and a means of pressure.

"The conflict in the Middle East has increased, in particular, ideologically motivated DDoS attacks and website defacing (hacking a website and publishing malicious messages on it)," he explained. "Even countries outside the conflict are affected through contractors, cloud services and multinational companies."

How the conflict affected attacks in Russia

The geopolitical agenda of recent years has changed the overall landscape of cyber attacks on Russian organizations, as evidenced by their manifold increase in 2022-2023 and the transition to more complex and destructive attacks in recent years, the press service of the Solar Group of companies recalled.

"Experts also note an almost well-established trend towards the growth of DDoS attacks during the holidays and other important geopolitical events. It is possible that some growth in a number of organizations may be recorded in March-April 2026 due to recent events," they added.

In the first quarter, the number of DDoS attacks in Russia increased by 82% compared to the same period last year, StormWall said. Most of the attacks were organized by hackers for commercial gain.

The number of attacks increased significantly in several sectors at once compared to the first quarter of 2025: on financial organizations by 74%, on telecom companies by 61%, and on retailers by 38%. Hackers organized an impressive stream of DDoS attacks on banks and payment systems, which disrupted the organizations' operations and made a number of financial services unavailable.

Telecom companies had to withstand a series of devastating attacks whose volume exceeded 2 Tbit/s and in some cases even reached 3.5 Tbit/s. Retailers faced an avalanche of multi-vector DDoS attacks, with the peak occurring during Defender of the Fatherland Day on February 23 and International Women's Day on March 8.

In addition, the number of DDoS attacks increased in the entertainment sector by 26%, in the logistics industry by 22%, in the manufacturing sector by 18% and in the educational sector by 8%.

"In the first quarter of 2026, attackers chose key industries in Russia to launch DDoS attacks," said Ramil Khantimirov, CEO and co-founder of StormWall. "At the same time, they actively used DDoS attacks with a capacity of over 2 Tbps, trying to harm companies as much as possible."

Denis Chigin also noted the manifold increase in DDoS and proxy attacks on government and telecom resources, which was largely driven by geopolitical and information triggers.

"The activity of hacktivist and APT groups against critical information infrastructure facilities has remained at a consistently high level," he said.

According to Roskomnadzor, during the peak period from February 26 to March 4, the number of DDoS attacks on government resources almost tripled, from the usual 350 to 949 per week. The most powerful attack reached 25.46 Gbps and 88.33 million packets/s. The longest attack on a commercial organization lasted 113 hours and 22 minutes.

The main targets were organizations from the Fintech, IT and Telecom, and Online Betting segments, Curator said. These segments accounted for almost three quarters of all recorded incidents.

"In the Online Betting segment, it is worth noting separately — in addition to a noticeably higher number of incidents than last year, it also recorded both the most intense and the longest DDoS attack," they said. "It occurred in mid-March, when the attack's bitrate reached 2,065 Gbit/s at its peak."

Almost two thirds of all DDoS attacks occurred in five micro-segments: "Banks", "Payment systems", "Online bookmakers", "Hosting platforms" and "System Integrators".

According to Ramil Khantimirov, the power of attacks will continue to grow in the second quarter of 2026, and "organizations need to take this situation as seriously as possible."

Translated by the Yandex Translate service
