No Borders in Cyberspace: the Iran War Brought the Digital Front to Europe


Iran and its proxies have already opened a new digital front, and Europe's critical infrastructure is the first to find itself in the crosshairs.

The war in the Middle East, which began on February 28, 2026, with a joint American-Israeli operation against Iran, has in a matter of weeks opened a digital front that stretches far beyond the region of hostilities. European scientific institutions, energy networks, shipping companies, and even the cloud infrastructure of the European Commission have come into the sights of cyber operations linked to Iranian special services or those acting under their banner.

According to data from Akamai, the overall level of cybercrime has increased by 245% since the beginning of the conflict, with the banking and fintech sector absorbing 40% of the malicious traffic, followed by e-commerce and technology companies. This is no longer an abstract threat but real pressure on the critical infrastructure of states that are formally not parties to the conflict.

Read more in the article by Dmytro Levus, foreign policy expert and analyst at the Kyiv-based United Ukraine Think Tank.

As Dmytro Levus explains, recent cyber incidents across Europe illustrate how modern conflicts are increasingly spilling beyond traditional battlefields and into critical civilian infrastructure. On March 12, 2026, Poland’s National Center for Nuclear Research reported an attempted cyberattack on its IT systems. While the MARIA research reactor continued operating normally and security protocols successfully blocked the intrusion, the case highlights the growing exposure of strategic facilities. Poland’s Minister of Digital Affairs, Krzysztof Gawkowski, noted that initial indicators pointed toward Iran, though he cautioned that such traces could be deliberately misleading.

Levus emphasizes that this uncertainty is typical of contemporary cyber operations. Attackers frequently plant false indicators—through language settings, routing paths, or fragments of malicious code—to obscure attribution. While no group has claimed responsibility in this case, the broader context suggests a pattern rather than an isolated incident. Earlier, in January 2026, the Russian-linked group APT44, also known as Sandworm, targeted Poland’s energy infrastructure, damaging dozens of facilities and affecting industrial control systems.

At the same time, another front of cyber risk has emerged in Southern Europe. In early March, Greece’s national cybersecurity authority issued a high-priority alert to key sectors—including shipping, banking, telecommunications, and energy—warning of active threats. According to Reuters, the alert included specific indicators of compromise, such as IP addresses and malware tools, including the VShell remote access trojan. At least two major shipping companies confirmed receiving the warning.

Levus notes that Greece’s vulnerability is particularly significant given its role in global maritime logistics. Greek-controlled fleets account for a major share of global tanker transport, including routes through the Strait of Hormuz. Disruptions to these operations could therefore have cascading effects on global supply chains, especially in the context of heightened tensions in the Middle East.

These incidents, Levus argues, are not isolated cases but part of a broader escalation. According to assessments by Unit 42, more than 60 hacktivist groups have intensified their activity since the start of the current crisis, with pro-Russian actors joining the wave early on. Among the most prominent is the group Handala, which U.S. authorities have linked to Iran’s Ministry of Intelligence. On March 11, this group carried out a destructive cyberattack against the U.S.-based medical technology company Stryker, affecting data across dozens of countries.

For Europe, this evolving situation presents a structural challenge. As Levus highlights, conflicts in regions such as the Middle East are increasingly extending into European infrastructure without formal declarations of hostilities. Critical sectors—including nuclear research, shipping, healthcare, aviation, and even EU institutional systems—are becoming targets despite not being direct participants in the conflict.

Data from cybersecurity firms further underline the scale of the threat: botnet activity aimed at identifying vulnerabilities has surged, automated network reconnaissance has intensified, and attempts to harvest credentials are rising sharply. Experts warn that such trends reflect a deliberate expansion of the “attack surface,” exposing European infrastructure to tactics previously used in high-intensity geopolitical confrontations.

Despite regulatory efforts such as the NIS2 Directive and the Cyber Solidarity Act, Levus notes that European defenses remain insufficient for threats of this magnitude. Organizations that once considered themselves outside the scope of geopolitical conflict are increasingly finding themselves on the front line of cyber warfare. According to Levus, this trend is likely to accelerate, marking a shift in how modern conflicts are waged—where infrastructure, data, and networks become primary targets alongside traditional military assets.

Read the FULL article on the Gaze: No Borders in Cyberspace: the Iran War Brought the Digital Front to Europe
