Sixty-plus hacktivist groups have turned cyberspace into Tehran's second front, and the global community is still dangerously underestimating exactly what that means
When missiles fell on Tehran in late February 2026, the Islamic Republic of Iran did not answer only with kinetic salvos or conventional ballistic threats. It answered with a distributed digital campaign so broad, so fast, and so structurally opaque that it forced diplomats, generals, and intelligence professionals into a new and uncomfortable vocabulary of war. Within hours of the initial strikes, an "Electronic Operations Room" reportedly coordinated more than sixty hacktivist and state-aligned cyber groups across multiple continents. This was not a panicked, ad hoc reaction; it was a pre-staged, synchronised surge.
Hospitals, fuel networks, energy firms, and critical government systems from Jordan to Israel were hit with a barrage of defacements, mass data leaks, and disruptive intrusions. The message to the West and its regional allies was unmistakable: Tehran had opened a second front that cannot be intercepted by air defence systems or deterred by the conventional architecture of economic sanctions.
This is the shape of modern conflict that Westphalian states still struggle to name. It is not a conventional army with a clear, linear chain of command. It is not merely a gang of freelance hackers looking for a quick payout. It is a volatile hybrid ecosystem in which state doctrine, ideological zeal, criminal opportunism, and technical skill converge into a single weapon. Iran has not only weaponised these hackers; it has turned cyberspace into a theology of resistance, with each disparate group reciting the same strategic doctrine in a different digital accent.
The Mirage of Attribution
The first lesson of this new era is simple: attribution no longer arrives wearing a neat uniform. In the past, state-sponsored attacks could often be traced back to a specific military unit. Today, that clarity has been deliberately dissolved. Handala Hack, perhaps the most visible of these sixty-plus groups, has been publicly linked by US officials and private cybersecurity firms to Iran's Ministry of Intelligence and Security. Yet it operates under the guise of an independent collective, and that linkage rests on government statements and private-sector reporting, not on anything the group admits about itself.
Its recent breach of FBI Director Kash Patel's personal email account, and the widely publicised release of old photos and personal documents, was not espionage in the classic, intelligence-gathering sense. It was about public humiliation, political timing, and strategic messaging.
The US State Department has offered a $10 million reward for identifying the individuals behind the operation, while the FBI moved to limit the damage by stating that the leaked material was historical rather than classified. Even so, the breach shows what Tehran understands very well: in a modern digital war, the erosion of a rival's prestige and the resulting public embarrassment can be more strategically damaging than the physical destruction of a building.
Sun Tzu in the Networked Age
That is where Sun Tzu remains oddly, almost chillingly contemporary. The ancient strategist wrote that supreme excellence lies in breaking the enemy's resistance without fighting, and that all warfare is based on deception. Iran's current cyber campaign is Sun Tzu updated for the networked, fibre-optic age: attack when you can, deny what you are doing, blur the source of the strike, and let bureaucratic uncertainty do the rest.
A malicious website or a command-and-control server may be Iranian in its rhetoric, sit on servers in Russia, have its domain registered through a shell company in Tonga, and still function as a coordinated weapons system. This is not technical sloppiness. It is a deliberate architectural design meant to paralyse the victim's legal and military response. It is also why practitioners treat hosting geography and registrar data as weak evidence on their own; confident attribution rests on overlaps in tooling, tradecraft, timing, and targeting, and on intelligence that rarely arrives quickly.
The Cyber Ecosystem: A Three-Layered Threat
The sixty-plus groups now active under Iran's protective cyber umbrella do not form a single monolith. They operate across three broad, distinct layers, each serving a specific strategic purpose.
At the top are the heavy hitters: state-linked personas such as Handala Hack and APT Iran. These groups combine high-profile hack-and-leak operations, disruptive infrastructure attacks, and selective psychological warfare. Their objectives are political as much as operational: to pressure Israel, to embarrass the United States, and to signal resilience to their own citizens at home.
The second layer consists of technically sophisticated Advanced Persistent Threat (APT) actors such as APT33, APT34, and Moses Staff. These are not the headline-grabbing, website-defacing crews. They are the patient, long-game operators. They quietly establish persistent backdoor access and pre-position destructive payloads inside telecommunications networks, the financial sector, logistics pipelines, and defence supply chains. In intelligence language, they are not necessarily stealing data for immediate tactical use; they are installing long-term leverage for a future geopolitical crisis.
The third layer is, in many ways, the most dangerous, because it is the hardest to control and the easiest to expand. It includes loose hacktivist collectives, nationalist civilian volunteers, opportunistic cybercriminals, and ideological sympathisers. This crowd can be activated through public messaging, Telegram coordination channels, or simply a shared anti-Western alignment. This is how a state multiplies its offensive reach many times over without ever formally commanding a single attack. It is also how deniability becomes a viable military strategy.
Why It Matters: A Warning Beyond the Middle East
The significance of this proxy model goes well beyond the borders of Israel and the United States. Iran has demonstrated that a mid-tier power, even under severe military pressure and economic isolation, can still impose serious strategic costs on stronger, wealthier states by distributing its cyber action across a wide, ideologically coherent network. That lesson will not remain confined to the Middle East. North Korea, Russia, China, and a host of well-funded non-state actors are already studying the model.
For India, the warning is direct. Pakistan's military and intelligence apparatus has long cultivated kinetic proxy warfare through militant groups. The Iranian model suggests that the next phase of this regional conflict may be cyber-centric, deniable, and regionally dispersed.
Power grids, railway signalling networks, financial systems, defence procurement pipelines, and public communications networks now sit inside a threat environment where unseen ideological groups can act as force multipliers. Srinagar, with its strategic geography, political sensitivities, and increasingly digitised infrastructure, cannot afford to view this as a distant, foreign war. It is not an anomaly; it is a preview of what is to come.
The Intellectual Frame: Deception and Distortion
Two classic books help explain why this shift matters. Sun Tzu's The Art of War remains the clearest guide to the logic of deception, ambiguity, and indirect pressure that Iran is applying. What Iran has built is not just a digital arsenal of malware; it is a system of calibrated uncertainty. That is Sun Tzu's world, brought to life through cloud servers and malicious code.
The second framework is George Orwell's Nineteen Eighty-Four. Orwell wrote not about cyber warfare but about control through information, factual distortion, and psychological dominance. Iran's digital strategy does not merely seek to disrupt computer networks; it shapes civilian perception, corrodes public trust in democratic institutions, and weaponises confusion. In that sense, Orwell is not just a literary metaphor here. He is a warning.
What the World Needs
The international community still lacks a credible, unified framework for this kind of asymmetric conflict. Existing cyber norms are too vague, forensic attribution is too slow to be politically useful, and proportional response is too often left to hesitant, ad hoc national judgment.
What is needed now is a doctrine of digital statecraft. It must include shared, rapid attribution mechanisms between allied nations, enforceable infrastructure protection standards, and clearer, internationally recognised rules for cyber response that do not automatically force nations to escalate into shooting wars.
None of that will be politically or technically easy. But the alternative is worse: a world where the next great war is fought in our hospitals, our central banks, our shipping ports, and our personal inboxes, while paralysed governments keep pretending it is only a technical nuisance.
Iran has already shown what a distributed cyber army can do. The world should stop calling it a sideshow. It is the battlefield.
(The Author is Executive Editor of Rising Kashmir)