DieNet & Keymous+ maintain elevated tempo against Gulf banks and government portals. NCA ECC-2-2024 compliance checks triggered across critical sectors.
DDoSFinance
🔴
30 Mar 2026
Iran Coordinates Hezbollah Cyber-Ops Against Gulf
Israeli Cyber Directorate confirmed Iran increasingly coordinating attacks with Hezbollah targeting Gulf infrastructure. UAE and Gulf SOCs on heightened alert.
APTCritical Infra
🟠
29 Mar 2026
Supply-Chain Attack: npm Packages Backdoored
Two React Native packages backdoored — 130,000+ downloads. GCC dev teams warned to audit dependencies. Credential & crypto theft malware deployed.
Supply ChainAdvisory
🔵
28 Mar 2026
US DoJ Seizes MOIS-Linked Cyber Domains
US Justice Department seized multiple domains linked to Iran's MOIS. Expected to temporarily disrupt Handala Hack C2 infrastructure.
TakedownMOIS
🟡
27 Mar 2026
CVE-2026-33017 Exploited — Langflow RCE 0-Day
Critical unauthenticated RCE weaponized within 20 hours of disclosure. Gulf AI deployments in government and finance flagged for immediate patching.
0-DayRCEAI Infra
Monthly Cyber Incident Trend
Latest Intelligence Feed — March 2026
CRITICAL
Handala Hack upgraded to Tier 1 — confirmed destructive wiper after Stryker attack wiped 56,000+ devices globally on March 11
Check Point Research · Trellix · March 2026
CRITICAL
149 hacktivist DDoS attacks hit 110 organisations in 16 countries — DieNet & Keymous+ driving ~70% of all activity since Operation Epic Fury
The Hacker News · Radware · Flashpoint · March 2026
CRITICAL
Iran-linked hackers penetrate Gulf CCTV networks to build surveillance network for missile targeting intelligence
PBS NewsHour · Financial Times · March 2026
HIGH
MuddyWater deploys LampoRAT via spear-phishing — GCC government, telecom, and finance sectors actively targeted
Check Point Research · Trellix · March 23, 2026
HIGH
Pioneer Kitten assessed active via pre-positioned access — Gulf energy sector at risk of Pay2Key ransomware resurgence
Trellix Iranian Cyber Capability 2026 Report
ADVISORY
CVE-2026-33017: Critical Langflow RCE exploited within 20 hours — immediate patching required for AI deployments in the Gulf
Check Point Threat Intelligence · March 23, 2026
ADVISORY
Ramadan-themed coupon lures used in phishing campaigns targeting retail customers across Middle East
CloudSEK · March 18, 2026
POLICY
NCA ECC-2-2024 and UAE cybersecurity frameworks now enforceable — cyber resilience declared pillar of sovereign stability
Iran's IRGC struck Aramco energy systems to "inflict maximum global economic pain" — highest-consequence energy sector targeting since Shamoon 2012. Simultaneous with AWS UAE drone strike.Mar 2026→ Read
Iranian drones struck AWS data centers in UAE and Bahrain — residents locked out of banking apps, payment services, and government portals. War reached the cloud.Mar 2026→ Read
Iran-backed group reactivated after 12 months of silence — deployed wipers disguised as ransomware, ASPX web shells, and LotL techniques. Bahrain logged 90 confirmed incidents.Late Feb – Mar 2026→ Read
Iranian-aligned actors confirmed scanning and targeting two of the world's largest LNG export facilities. Compromise would disrupt global LNG supply chains. Oman also in scope.Mar 2026→ Read
UAE Cybersecurity Council foiled a massive AI-powered attack using adaptive social engineering and obfuscated payloads. 128+ cyber incidents logged across UAE govt and banking in early 2026.22–23 Feb 2026→ Read
Sensitive data on senior Abu Dhabi business executives and officials leaked — PII, financial affiliations, political connections exposed. Timed with UAE-KSA geopolitical competition.17 Feb 2026→ Read
New backdoors "Dindoor" (Deno runtime) and "Fakeset" (Python) deployed via spear-phishing across GCC. Enables persistent access, credential theft, lateral movement across government and banks.Feb – Mar 2026→ Read
DieNet claimed DDoS on both major Saudi banks. Claims circulated on Telegram dark web boards. Part of 149+ hacktivist attacks hitting finance across 16 GCC countries.1–6 Mar 2026→ Read
DDoS on MoI's Human Capital Management and Internal Management Systems — targeting civil service administrative infrastructure to disrupt government operations.28 Feb – 1 Mar 2026→ Read
DieNet claimed DDoS on Sharjah International Airport (passenger portal) and du national telecom operator. UAE leads GCC with 220 of 550 total incidents — 134 were defacements.Feb – Mar 2026→ Read
Simultaneous multi-actor hit: DieNet on Bahrain Airport; Sylhet Gang on eGovernment Authority; Batelco telecom also cited. Coordinated multi-vector targeting of national infrastructure.28 Feb – 2 Mar 2026→ Read
313 Team (Iraq-based pro-Iran) claimed defacement & DDoS on Kuwait Armed Forces, MoD, and Gov portal simultaneously. Kuwait accounts for 28% of all GCC attack claims per Radware.Mar 2026→ Read
Single coordinated DDoS hit on Qatar's Gov portal, MFA, MoEducation, MoInterior, and Communications Office — five targets simultaneously, signaling broad disruption intent.28 Feb 2026→ Read
3 new Iran-aligned groups emerged Feb 28 — DDoS, defacements, data theft synchronized with military ops. Makes attribution harder. Hider Nex launched the campaign's very first DDoS attack.28 Feb – Apr 2026→ Read