Threat Brief: March 2026 Escalation of Cyber Risk Related to Iran

Unit 42 reports on escalating Iranian cyberattack activity in March 2026, documenting direct observations of coordinated phishing campaigns, hacktivist operations, and cybercrime activities. The threat brief provides analysis of recent Iranian cyber operations and their tactics. Security defenders are provided with specific recommendations to counter these threats. The escalation represents a significant increase in cyber risk related to Iranian state-sponsored and affiliated groups. The report includes technical details and defensive measures for organizations to implement.