Despite internet blackout, state-sponsored groups still maintain ability to launch operations abroad

The UK’s National Cyber Security Centre has warned organisations of an increased risk of Iran-linked cyberattacks amid the fast-developing conflict in the Middle East.
The UK’s National Cyber Security Centre (NCSC) has warned British organisations of a heightened risk of cyberattacks linked to Iran, as tensions continue to escalate across the Middle East.
In an advisory issued on Monday, the cyber defence agency said that while there has been no significant shift in the direct threat posed by Iran to the UK, the situation could change rapidly given the fast-moving nature of the conflict.
The alert is primarily aimed at organisations with operations, assets or supply chains in the Middle East. The NCSC said such entities could face increased exposure as regional instability persists.
“Iranian state and Iran-linked cyber actors almost certainly currently maintain at least some capability to conduct cyber activity,” the agency said.
Despite reports of a widespread internet blackout within Iran, imposed by the authorities, the NCSC assessed that state-sponsored groups are still likely to retain the ability to launch operations abroad.
Jonathon Ellison, the NCSC’s Director for National Resilience, said it was “critical that all UK organisations remain alert to the potential risk of cyber compromise, particularly those with assets or supply chains that are in areas of regional tensions”.
The centre has advised firms to review earlier guidance on mitigating distributed denial-of-service (DDoS) attacks, phishing campaigns and the targeting of industrial control systems.
Businesses operating in affected regions are also being urged to reassess their external attack surfaces and increase network monitoring.
Global concerns
The alert comes after a June notice issued by the US Department of Homeland Security, warning that instability in the Middle East had led to what it described as a “heightened threat environment” within the United States.
US officials said low-level cyberattacks by Iran-backed groups and pro-Iranian hacktivists were likely, and warned that the risk of extremist violence could increase if Iran’s leadership called for retaliation.
In August, the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation and the Defense Department’s Cyber Crime Center issued a joint advisory about an Iranian-linked threat group tracked as Br0k3r, also known by several aliases including Pioneer Kitten and Lemon Sandstorm.
Western cyber security officials have repeatedly identified Iran as one of the leading state actors engaged in disruptive and espionage-driven cyber activity, alongside China, Russia and North Korea.
Record year for UK cyber incidents
In October, the NCSC’s Annual Review revealed that the agency had recorded the highest level of cyber threat activity in nine years.
In the year to August 2025, the NCSC handled 204 “nationally significant” cyber incidents, up sharply from 89 the previous year. Of the 429 total incidents managed during that period, 18 were categorised as “highly significant”, meaning they had the potential to cause serious disruption to essential services.
The NCSC, which forms part of Government Communications Headquarters (GCHQ), said state-backed threats from China, Russia, Iran and North Korea remained the most persistent and sophisticated.
Last week, the UK government announced the launch of a new vulnerability monitoring service designed to reduce cyber risks across the public sector.
The system continuously scans the internet-facing infrastructure of around 6,000 public bodies, including councils and health authorities, for known weaknesses and backdoors.
Officials said the service has already reduced the time taken to fix some of the most serious digital vulnerabilities by 84%.