OPINION                                                                MARCH 27, 2026      |  The Indian Eye 11



        (IRGC)  and  the  Ministry  of  Intelli-
        gence and Security (MOIS). Iran has
        also built a large proxy hacking net-
        work outside the country, which has
        proved instrumental in carrying out
        attacks even after internet connectiv-
        ity within Iran was severely degrad-
        ed. This reliance on proxies reflects
        an adaptive approach to maintaining
        operational reach despite internal
        constraints.
            Iran’s  immediate  goal  was  to
        demonstrate its ability to retaliate
        asymmetrically. These attacks also
        needed to be visible and disruptive
        to influence public perception both
        domestically and internationally.
        According to the threat intelligence
        platform Falconfeeds, of the 72+
        groups it tracked, 59 were pro-Iran
        and 11 anti-Iran, with varying de-
        grees of sophistication depending
        on whether they were state-affiliated
        APTs, high-impact actors, or hacktiv-
        ist collectives.
          Regional Spillover and Proxy
                    Activity               Overall, cyber capabilities function less as decisive instruments of war and more as force multipliers that shape, support and exploit the effects
            From early March, these groups                                    of kinetic operations  (Agency File Photo)
        claimed to have carried out numer-
        ous operations, including a wave of
        DDoS disruptions against the Ku-      High-Value Targets and        ing in orthopaedics, MedSurg, neu-  that, in a kinetic war, less emphasis
        waiti  government  and  financial  in-   Blended Threats            rotechnology and hospital systems,  is placed on cyber effects once infra-
        stitutions such as the e-Government   While most of these incidents   employs  more  than  50,000  people   structure  is  physically  degraded.  Ki-
        portal, and the ministries of Defence,                              worldwide, including over 2,000 in   netic attacks tend to produce more
        Foreign Affairs, Health, Education,   qualified  as  low-level  cyberattacks   India working in R&D.  immediate and lasting damage, while
                                          without large-scale or enduring
        Finance, and Oil, as well as entities   damage,  several  “high-value  soft   The outage was global, with em-  cyber effects are often temporary.
        like  Burgan  Bank  and  the  Kuwait   targets”—such  as  undersea  cables,   ployees locked out of systems that   Overall, cyber capabilities func-
        News Agency.                      internet exchange points, cloud in-  were reportedly wiped. In successive   tion  less as  decisive  instruments of
            Known Israeli sites  targeted  by                               updates on its customer service page,  war  and  more  as  force  multipliers
        DDoS included  the Movement for   frastructure and global navigation   the company noted that the breach   that shape, support and exploit the
                                          systems—could be subject to kinetic
        Freedom of Information (meida.    attacks, and in some cases already   took place within its internal Micro-  effects of kinetic operations.
        org.il) and RAN Investment House,   were.  Amazon’s  Bahrain  data  cen-  soft environment. It took the compa-  While not decisive on their own,
        reflecting  ongoing  low-level  cyber   tre site was reportedly taken offline   ny over four days to recover, while its   they have been integral in preparing
        harassment in the Iran–Israel shad-  following nearby drone strikes, while   share price fell by 9 per cent, result-  the battlefield and enabling these ef-
        ow conflict. Jordanian websites also   two additional AWS-related sites   ing in an estimated US$ 6–8 billion   fects. At the same time, the relatively
        saw over 69 claimed incidents across                                loss in market capitalisation.    limited impact observed may reflect
        more than 40 targets, including gov-  in  the  UAE  were  directly  hit.  Iran   A pro-Iran hacktivist group call-  not only structural constraints—such
                                          justified  the  strike  by  accusing  Am-
        ernment ministries, banks, airports,   azon of supporting US military and   ing itself Handala, with links to Iran’s   as dependence on connectivity—but
        energy firms and ICS-related systems.  intelligence activity through its data   Ministry of Intelligence and Security   also a degree of strategic restraint,
            Bahrain  experienced  repeated                                  (MOIS), alleged that it had remotely   with more disruptive capabilities
        targeting,  reflecting  its  status  as  a   centres.               wiped over 200,000 systems and sto-  potentially held in reserve for esca-
                                              In the United States, too, critical
        Gulf state that hosts US naval assets,   infrastructure,  from  financial  ser-  len 50 terabytes of data.   lation.
        with multiple waves of DDoS attacks   vices to water utilities, to transpor-  The group claimed the attack
        hitting  government  ministries  and   tation infrastructure, has been the   was in retaliation for a February mis-  The author is a Research Fellow (SS)
        financial  institutions.  Qatar  also  re-  target of Iranian actors before and   sile strike that hit an Iranian school   in the Strategic Technologies Centre
        portedly faced significant DDoS traf-                               and killed at least 175 people, most   at the Manohar Parrikar Institute for
        fic  against  government  and  critical   could well come under attack again   of them children.          Defence Studies and Analyses
                                          after they regroup and as the kinetic
        services, including the Amiri Diwan,                                    Incidents such as the Stryker cy-
        Ministry of Interior e-services, and   conflict intensifies.        berattack demonstrate that while cy-  Views expressed are of the author and
                                                                                                               do not necessarily reflect the views of
        the national e-government portal.    The Stryker Cyberattack        ber operations may be secondary in   the Manohar Parrikar IDSA or of the
            Taken together, these opera-      The most notable event so far   strictly military terms, they can gen-
        tions reflect a pattern of distributed,  has been a major cyberattack against   erate  significant  economic  and  so-  Government of India.
        low-intensity cyber activity aimed at   US medical technology giant Stryker   cietal  disruption,  particularly  when   This article first appeared in the
        signalling capability. This could also   on 11 March, which resulted in glob-  targeting private-sector entities em-  Comments section of the website (www.
        mean that more disruptive options   al system outages and widespread   bedded in global supply chains.  idsa.in) of Manohar Parrikar Institute
        are being reserved for later stages of   operational  disruption. Stryker,  a   The relatively limited impact of   for Defense Studies and Analyses, New
        the conflict.                     US$  134  billion  company  specialis-  the cyber operations so far suggests   Delhi, on March 19, 2026


                                                               www.TheIndianEYE.com