The United Kingdom’s National Cyber Security Centre (NCSC) alerted British organizations to a heightened risk of Iranian cyberattacks amid the ongoing conflict in the Middle East.
While there is no significant change in the direct cyber threat from Iran to the UK, the NCSC said this could change at any time, given how quickly the situation is developing. As explained in a Monday advisory, this warning was primarily issued for organisations and entities with a presence or supply chains in the Middle East.
As the NCSC added, even though most of Iran is currently dealing with a widespread Internet blackout imposed by the Iranian regime, state-sponsored hacking groups are likely still able to attack targets.
“Iranian state and Iran-linked cyber actors almost certainly currently maintain at least some capability to conduct cyber activity,” the NCSC said.
UK organizations are advised to prepare for potential cyberattacks by following previously released guidance on DDoS attacks, phishing activity, and ICS Targeting.
Those facing attacks targeting their supply chains or offices in the Middle East are advised to review their external attack surface and increase monitoring.
“In light of rapidly evolving events in the Middle East, it is critical that all UK organisations remain alert to the potential risk of cyber compromise, particularly those with assets or supply chains that are in areas of regional tensions,” Jonathon Ellison, NCSC Director for National Resilience, told BleepingComputer in an emailed statement.
“Organisations are strongly encouraged to act now, following the recommended actions to prioritise and strengthen their cyber security posture.”
This warning follows a June advisory from the U.S. Department of Homeland Security, which warned of escalating cyberattack risks by Iran-backed hacking groups and pro-Iranian hacktivists due to unrest in the Middle East.
One week later, a joint advisory issued by U.S. cyber agencies in October warned of Iranian-affiliated hackers targeting U.S. critical infrastructure.
Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.
Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.
