Operation Epic Fury: Sophos Warns of Global Cyber Retaliation


Today we received an important security advisory from Sophos. Due to the current geopolitical situation surrounding “Operation Epic Fury” and the associated increased cyber threat, we want to pass this warning directly on to you.

Below you will find the original security warning from Sophos.


Intelligence Report - Escalating Middle East Conflict

Overview

On February 28, 2026, the United States (U.S.) and Israel launched Operation Epic Fury, which involved a coordinated set of strikes targeting Iran’s military missile sites, production facilities and navy.

In response, the Iranian government has signaled its intention to retaliate and has launched attacks against Israel and U.S. military sites in the region. Iran has instituted an Internet blackout to restrict the flow of information into and out of the country, a measure they often employ in periods of conflict or internal unrest.

As Iran considers its options, the likelihood increases that proxy groups and hacktivists may take action, including cyberattacks, against Israeli and U.S. affiliated military, commercial, or civilian targets. Such activity would most likely include website defacements, distributed denial‑of‑service (DDoS) attacks, the amplification of old data breaches presented as new incidents, and unsophisticated attempts to compromise internet‑exposed industrial systems. Iran may also elect to conduct direct offensive cyber operations.

Iran has a well‑established history of using disruptive cyberattacks as retaliatory signals of defiance and resolve. These operations aim to impose costs and create uncertainty, as Iran rarely announces or openly claims responsibility, instead sometimes hinting at attribution through imagery or messaging used by affiliated front personas. It routinely employs proxy groups and false-front hacktivist or cybercrime personas to carry out attacks, issue public claims, and amplify narratives across social media and messaging platforms. Government, critical infrastructure, and financial sector organizations may be at increased risk based on past Iranian cyber operations. A notable example is the use of the “HomeLand Justice” persona to conduct politically motivated wiper malware and hack‑and‑leak attacks against Albanian government entities since 2022.

Iran has deployed over a dozen similar personas in operations targeting Israel, with activity increasing following the Israel–Hamas conflict in October 2023. Several Iranian-run group personas were reactivated after Israel’s strikes on Iran beginning on 13 June 2025.

Although Iranian military and intelligence‑linked cyber threat groups are known to exaggerate their achievements, they nonetheless can pose a credible threat. These groups actively exploit opportunities to gain access to targeted organizations, often leading to data theft, ransomware or wiper attacks, and the subsequent public release of stolen information.

What you should do

In anticipation of reprisal attacks, Sophos recommends that customers - particularly those operating in the U.S. and Middle East - increase vigilance. Organizations should maintain heightened awareness for topical phishing campaigns, password-spraying activity, and other credential attacks.

Additionally, it is important to maintain a focus on fundamental security practices such as patching internet-facing systems against known vulnerabilities, implementing and maintaining antivirus solutions, and monitoring endpoint detection and response solutions.

Organizations should also review their business continuity plans and restoration processes to address ransomware-style or wiper malware attacks.

What Sophos MDR (Managed Detection Response) is doing

Sophos is actively monitoring threats related to the escalating conflict and is collaborating closely with public and private sector partners.


Take care in these turbulent times and stay vigilant digitally as well as in real life.

Until next time, I wish you all safety.
Joe

© 2026 trueNetLab