According to a report published by Radware, 149 separate DDoS attack claims were documented between February 28 and March 2, 2026. These incidents targeted 110 distinct organizations spanning 16 countries. Twelve different groups participated in the activity. Three of them, Keymous+, DieNet, and NoName057(16), were responsible for 74.6 percent of the total claims. Radware further noted that Keymous+ and DieNet alone accounted for nearly 70 percent of activity during that period.
The earliest attack in this wave was attributed to Hider Nex, also known as the Tunisian Maskers Cyber Force, on February 28. Information shared by Orange Cyberdefense describes Hider Nex as a Tunisian hacktivist collective aligned with pro-Palestinian causes. The group reportedly employs a dual strategy that combines service disruption with data theft and public leaks to amplify political messaging. Researchers trace its emergence to mid-2025.
Geographically, 107 of the 149 DDoS claims were directed at organizations in the Middle East, where government bodies and public infrastructure entities were disproportionately affected. Europe accounted for 22.8 percent of the global targeting during the same timeframe. By sector, government institutions represented 47.8 percent of all affected entities worldwide. Financial services followed at 11.9 percent, while telecommunications organizations accounted for 6.7 percent.
Within the Middle East, three countries experienced the highest concentration of reported activity. Kuwait accounted for 28 percent of regional attack claims, Israel represented 27.1 percent, and Jordan comprised 21.5 percent, according to Radware’s analysis.
Threat intelligence from Flashpoint, Palo Alto Networks Unit 42, and Radware identified additional groups engaged in disruptive campaigns, including Nation of Saviors, Conquerors Electronic Army, Sylhet Gang, 313 Team, Handala Hack, APT Iran, Cyber Islamic Resistance, Dark Storm Team, FAD Team, Evil Markhors, and PalachPro.
The cyber activity extended beyond DDoS operations. Pro-Russian hacktivist collectives Cardinal and Russian Legion publicly claimed breaches of Israeli military networks, including the Iron Dome missile defense system. These assertions have not been independently verified.
Separate threat reporting identified an active SMS-based phishing operation distributing a counterfeit version of Israel’s Home Front Command RedAlert mobile application. Victims were reportedly persuaded to install a malicious Android package disguised as a wartime update. Once installed, the application displayed a functional alert interface while covertly deploying surveillance and data-exfiltration capabilities.
Flashpoint also reported that Iran’s Islamic Revolutionary Guard Corps targeted energy and digital infrastructure sectors in the Middle East, including Saudi Aramco and an Amazon Web Services data center in the United Arab Emirates. Analysts assessed that the intent was to impose broader economic pressure in response to military losses.
Researchers at Check Point observed that Cotton Sandstorm, also known as Haywire Kitten, revived a previous online identity called Altoufan Team and claimed responsibility for website compr
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: