During a recent conflict with the United States and Israel, Iranian proxies launched an estimated 500,000 daily cyberattacks against critical infrastructure in the United Arab Emirates. This digital onslaught, occurring in the early days of the conflict, represented a significant escalation in Tehran's asymmetric warfare strategy, according to Mohamed Al Kuwaiti, the head of cybersecurity for the UAE Government. The sheer volume of these attacks underscores a clear shift in regional power dynamics.
Even as Iran's domestic internet connectivity plummeted to between one and four percent following initial US-Israeli strikes on its territory, the digital aggressions from its proxies continued unabated from locations outside Iran. These campaigns often began with phishing emails designed for data gathering, a tactic that quickly evolved into destructive operations, Al Kuwaiti told state media. This resilience in cyber operations, despite internal network disruptions, pointed to a well-prepared and distributed network of actors.
The strategic landscape of modern conflict now extends deep into the digital realm. Paolo Napolitano, an associate director at Dragonfly from Dow Jones, a London-based geopolitical and security risk firm, observed that cyber operations and influence campaigns have become an integral component of contemporary warfare. Iran and its linked actors made extensive use of these methods throughout the recent conflict with the United States and Israel.
Their objectives were clear. One striking example of this digital maneuvering occurred in the United Arab Emirates, where residents received text messages purporting to be from the Ministry of Interior, instructing them to "report immediately in case of any security incident." The MOI later cautioned its citizens against these "fake" messages. Such incidents illustrate a deliberate attempt to sow confusion and erode trust in official communication channels, a key element of psychological warfare.
Beyond direct technological interference, Iran's campaign extended into sophisticated information operations. Threatening text messages, ostensibly from Iran's Revolutionary Guards, reached Israelis, advising them to "wait for death." Simultaneously, evacuation orders, closely mimicking the controversial style used by the Israeli military in Gaza and Lebanon, urged civilians near critical infrastructure and major residential neighborhoods in Gulf Arab states to leave their homes. This dual approach targeted both adversaries and regional partners, creating a climate of fear.
Here is the number that matters: 500,000. That figure represents the daily average of cyberattacks launched by Iranian proxies against the UAE's critical infrastructure in the early stages of the conflict. This was not a random burst.
It was a sustained barrage. Mohamed Al Kuwaiti, head of cybersecurity for the UAE Government, noted a sharp spike in such activities weeks before the conflict officially began. In early March, attacks on web servers severely disrupted banking systems across the United Arab Emirates and Bahrain.
Financial transactions halted. Everyday banking activities ceased. This directly impacted commerce and the daily lives of millions.
The Revolutionary Guards also published a hit list of American companies and universities operating in the Middle East, including Meta, Oracle, Nvidia, Microsoft, and Google. Many firms responded by asking staff to work remotely. The economic opportunities within countries like Saudi Arabia, Qatar, and the UAE have long served as a magnet for foreign businesses.
These nations offer access to lucrative markets, significant capital, and competitive tax regimes. Global talent has flocked to these states, which for decades projected an image of stability in a region often characterized by volatility. Iran's digital and psychological campaign aimed directly at this carefully cultivated image.
It sought to inflict reputational damage, even when physical harm remained minimal. "Iran was under no illusion that it would be able to defeat the US and Israeli militaries conventionally," Napolitano stated. "It has probably for several years been preparing such methods for such a conflict." This preparation explains the coordinated nature of the cyber onslaught. They understood their limitations. In Jordan, Iran-linked groups launched cyberattacks targeting the storage temperatures of wheat reserves.
This aimed to damage strategic stockpiles in a country already struggling economically, as reported by the Jordanian National Cybersecurity Center in early March. Such an attack demonstrates a willingness to target civilian resources with potentially severe humanitarian consequences. Officials subsequently urged residents to change passwords after reports surfaced that Iran was hacking into CCTV and home security cameras. "Iranian hackers have been trying to access surveillance footage from cameras in Israel and the Gulf countries since the start of the war," explained Seyoung Jeon, a lead cyber analyst at Dragonfly.
This activity appears to support Iran's air strikes. It helps them identify target locations more accurately. It also assists in assessing damage from missile strikes.
Hundreds of miles from the Persian Gulf, Israeli citizens received equally ominous messages. "Thousands of Palestinian children died because of you. You and your family are a target for us. Wait for death," read one message in Hebrew, signed by the Revolutionary Guards.
These messages were designed to terrorize. Weeks prior to the war, Tehran issued warnings that any strike on its soil would trigger retaliation against Washington's regional allies. As speculation regarding an imminent attack intensified, particularly following the deployment of US warships to the region, a pro-Iran X account, "Iran Military Media," posted an image of Dubai's Burj Khalifa, the world's tallest tower, without any caption.
This veiled threat to the city generated considerable concern among residents. On February 28, in the hours following the first US-Israeli strikes on Tehran, Iran acted on its threats. Hundreds of projectiles were fired at cities previously known for their safety.
Anwar Gargash, a senior UAE official, described the situation as "the worst-case scenario." While some attacks targeted US bases, the Revolutionary Guards also struck civilian infrastructure. This included hotels in Dubai, residential high-rises in Bahrain, gas facilities in Qatar, and airports in Kuwait. Strip away the noise and the story is simpler than it looks.
Iran's strategy was to demonstrate reach and disrupt stability, not necessarily to achieve a conventional military victory. The psychological impact was as important as any physical damage. As information and disinformation spread about the extent of the damage from Iran's strikes, Gulf Arab governments moved quickly to control the public narrative.
Dozens of individuals were arrested in the UAE for filming missile interceptions or sharing videos deemed inappropriate. In Kuwait, Ahmed Shihab-Eldin, a prominent Kuwaiti-American journalist, was detained after sharing videos related to the Iran conflict. Qatar saw more than 300 arrests for "photographing, sharing and publishing misleading information."
This response had immediate effects. In the days that followed, residents began self-censoring in private chats. Many deleted posts out of fear of reprisal.
Even journalists working for some Western news outlets in the region adopted precautions, avoiding bylines on news stories and photographs. The chilling effect was palpable. Beyond the Middle East, Iran-linked hackers have extended their reach, striking targets far beyond the range of their physical missiles.
In recent weeks, they caused disruptions at multiple US oil, gas, and water sites, according to a US advisory and three sources familiar with the investigation. These hacks forced some industrial processes at the sites to shut down, requiring manual operation. Last month, Tehran-linked hackers leaked emails stolen from the private account of FBI Director Kash Patel.
Prior to that, they disrupted business for a major US medical device maker. The same groups claimed responsibility for breaching the personal devices and accounts of former Israeli military Chief of Staff Herzi Halevi, subsequently releasing dozens of photos and identification documents as proof. The market is telling you something.
Listen. When critical infrastructure, banking systems, and even personal security become targets, the cost of doing business in a region changes. Investor confidence hinges on predictability.
This conflict introduced significant uncertainty. Andy Piazza, senior director of threat intelligence at Unit 42 in Palo Alto Networks, noted that geopolitical tensions are now spilling into cyberspace in ways that are "more organized, sustained, strategic, and publicized than ever before." This represents a new frontier in global conflict. While the Islamic Republic possesses a "proven capability for highly sophisticated, multi-pronged cyber campaigns," Piazza added, initial cyber activity was significantly hindered by its own domestic internet connectivity issues.
Why It Matters: This expanded use of cyber and information warfare by Iran carries significant implications for global stability and the future of conflict. For Gulf states, the attacks challenge their carefully constructed image as secure economic hubs, potentially deterring foreign investment and talent. For international businesses, the heightened risk of digital disruption and data breaches necessitates a re-evaluation of security protocols and operational resilience in the region.
Furthermore, the use of psychological tactics, such as fake messages and targeted disinformation, highlights a broader threat to public trust and national security beyond physical borders. The conflict demonstrates that modern warfare is increasingly fought not just with missiles, but also with packets of data and carefully crafted narratives. Key Takeaways: - Iranian proxies launched hundreds of thousands of daily cyberattacks against Gulf states' critical infrastructure during the recent conflict. - The attacks included phishing, banking disruptions, and psychological operations using fake messages and targeted threats. - Iran's strategy aimed to inflict reputational damage and sow fear, challenging the Gulf states' image of stability. - Cyber operations extended to US oil, gas, and water sites, along with high-profile individuals like FBI Director Kash Patel.
The effectiveness of Iran's asymmetric campaigns remains challenging to quantify precisely, but a core objective was undoubtedly achieved, Napolitano observed. "The primary aim of these campaigns is to diffuse fear and amplify uncertainty in the Gulf," he stated, "thereby demonstrating that local authorities are unable to address threats coming from Iran." This suggests a long-term strategy to undermine governance. As the region navigates the aftermath, governments will continue to invest heavily in cybersecurity defenses. Observers will watch closely for any shifts in foreign direct investment patterns.
The coming months will reveal the true extent of this reputational damage and the resilience of Gulf economies.
Key Takeaways
— - Iranian proxies launched hundreds of thousands of daily cyberattacks against Gulf states' critical infrastructure during the recent conflict.
— - The attacks included phishing, banking disruptions, and psychological operations using fake messages and targeted threats.
— - Iran's strategy aimed to inflict reputational damage and sow fear, challenging the Gulf states' image of stability.
— - Cyber operations extended to US oil, gas, and water sites, along with high-profile individuals like FBI Director Kash Patel.
Source: CNN