Welcome to SOCRadar’s Operation Epic Fury Week 2 Cyber Threat Assessment Report!

The second week of Operation Epic Fury demonstrated how quickly cyber conflict can evolve alongside geopolitical escalation. While disruption campaigns continued across the Middle East, the cyber battlefield expanded through new hacktivist coalitions, intensified DDoS campaigns, and growing claims of attacks against government and critical infrastructure systems. SOCRadar’s Operation Epic Fury Week 2 Cyber Threat Assessment Report provides a structured view of the second phase of cyber activity surrounding the conflict, highlighting the actors, techniques, and sectors most exposed during the period.

Download the full report today to gain strategic visibility into the cyber risks emerging from Operation Epic Fury and strengthen your organization’s readiness in a rapidly evolving conflict-driven threat environment.

Key Insights from Operation Epic Fury Week 2 Cyber Activity

• Cyber Operations Continued at Scale: The second week recorded over 500 cyber incidents across 7 days, showing sustained disruption campaigns following the initial escalation.

• DDoS Remained the Primary Attack Method: Distributed denial-of-service attacks continued to dominate operations, representing over 70% of all incidents during the reporting period.

• Israel Remained the Main Target: Israel continued to absorb the largest share of attacks, accounting for roughly half of all recorded incidents during Week 2.

• Regional Spillover Expanded Further: Gulf and neighboring states—including Kuwait, Jordan, Bahrain, and Qatar—remained heavily targeted as the cyber conflict spread across the broader region.

• Government and Critical Infrastructure Were Key Targets: Government institutions, financial services, aviation, and energy-related sectors remained among the most frequently targeted industries.

• Hacktivist Coalitions Continued to Grow: Pro-Iran aligned hacktivist groups remained highly active, with dozens of groups coordinating campaigns and amplifying attacks through social channels.

• International Actors Entered the Conflict: Russian-affiliated hacktivist groups and other international actors continued to participate, expanding the geopolitical dimension of the cyber campaign.

• OT and ICS Targeting Claims Increased: Claims of attacks against industrial systems, water utilities, and energy infrastructure appeared more frequently during Week 2.

• Information Warfare Intensified: Alongside technical attacks, disinformation campaigns and coordinated messaging became a major component of the cyber conflict.

Why This Report Matters

Operation Epic Fury illustrates how cyber operations rapidly become a parallel battlefield during geopolitical conflict. The combination of hacktivist mobilization, cross-border DDoS campaigns, and early interest in industrial infrastructure highlights how cyber escalation can spread beyond the immediate conflict zone. Organizations in affected regions must prepare for disruption attempts, phishing campaigns, and infrastructure-focused attacks linked to geopolitical tensions.

Take Action Now

• Threat Intelligence Monitoring: Track hacktivist groups, geopolitical cyber actors, and conflict-driven campaigns in real time.

• DDoS Preparedness: Strengthen defenses protecting public-facing portals, financial services, and government infrastructure.

• Critical Infrastructure Visibility: Monitor exposure across energy, aviation, logistics, and water systems.

• Incident Response Readiness: Prepare for phishing, ransomware, and credential abuse tied to ongoing geopolitical cyber activity.