Insikt Group tracks the cyber, physical, and geopolitical components of the US-Israeli strikes on Iran — with continuously updated threat analysis and scenarios.
Analysis Summary
# Incident Report: Operation Epic Fury & Iranian Kinetic-Cyber Escalation
## Executive Summary
Following coordinated US-Israeli airstrikes ("Operation Epic Fury" and "Operation Lion's Roar") on February 28, 2026, which resulted in the death of Supreme Leader Ali Khamenei and senior IRGC leadership, Iran launched "Operation Truthful Promise 4." This multi-domain retaliation includes kinetic missile/drone strikes across nine countries and a significant, escalating cyber and influence operation component. The conflict has caused significant loss of life, destroyed critical Iranian defense and potential nuclear infrastructure, and disrupted global maritime trade in the Strait of Hormuz.
## Incident Details
- **Discovery Date:** February 28, 2026
- **Incident Date:** February 28, 2026 – Ongoing (Last updated March 4, 2026)
- **Affected Organization:** Government of Iran, US CENTCOM, IDF, Various Maritime and Energy entities.
- **Sector:** Government, Defense, Energy, Critical Infrastructure, Maritime.
- **Geography:** Iran, Israel, USA, and regional Gulf states (Bahrain, Qatar, Kuwait, UAE, Saudi Arabia, Jordan, Iraq, Cyprus).
## Timeline of Events
### Initial Access (Kinetic & Electronic)
- **Date/Time:** February 28, 2026
- **Vector:** Coordinated aerial bombardment and likely electronic warfare/cyber operations to disable air defenses.
- **Details:** US and Israeli forces conducted ~900 strikes in the first 12 hours targeting ballistic missile programs and leadership hubs.
### Lateral Movement (Regional Escalation)
- **March 1–4, 2026:** Iran-backed militias (Islamic Resistance in Iraq) initiated secondary front attacks on US bases. Iran expanded its target set to include regional US allies (UAE, Saudi Arabia).
### Data Exfiltration/Impact
- **Leadership Decapitation:** Death of Supreme Leader Ali Khamenei and 40 senior IRGC commanders.
- **Infrastructure Damage:** Destruction of the Minzadehei underground complex and damage to Natanz and Isfahan sites.
- **Human Toll:** 6 US service members killed; 9 Israeli civilians killed; 3 UAE residents killed.
### Detection & Response
- **Detection:** Immediate via satellite imagery (IAEA), radar, and official government announcements.
- **Response:** US deployment of additional regional forces; Iranian closure of Strait of Hormuz via VHF warnings; UAE activation of air defense systems.
## Attack Methodology
- **Initial Access:** Tactical air strikes and coordinated missile volleys.
- **Persistence:** Iranian state-aligned actors utilizing "Emerald Divide" influence campaigns to sustain regional unrest.
- **Privilege Escalation:** Not applicable (Kinetic context).
- **Defense Evasion:** Use of underground covert facilities (Minzadehei compound); Iranian use of mobile drone/missile launchers.
- **Credential Access:** N/A (Current focus on kinetic/geopolitical impact).
- **Discovery:** US/Israeli intelligence identifying the "Minzadehei" covert nuclear compound.
- **Lateral Movement:** Proxies (Hezbollah/Iraqi Militias) expanding the combat theater geographically.
- **Collection:** Satellite reconnaissance and signal intelligence.
- **Exfiltration:** N/A.
- **Impact:** Massive physical destruction of C2 (Command and Control) nodes and critical infrastructure.
## Impact Assessment
- **Financial:** Extreme volatility in energy markets; 90% decline in Strait of Hormuz transits affecting global trade.
- **Data Breach:** Compromise of Iranian classified nuclear development locations.
- **Operational:** Total disruption of Iranian central government chain of command; suspension of major maritime transits.
- **Reputational:** Massive domestic legitimacy crisis for the Iranian regime during the succession transition to Mojtaba Khamenei.
## Indicators of Compromise
- **Network Indicators:** Monitoring for increased activity from Iranian APTs (linked to previous Suleimani-response patterns).
- **Behavioral Indicators:**
  - VHF radio warnings regarding Strait of Hormuz.
  - Fatwas calling for global retaliatory action.
  - Coordinated disinformation via "Emerald Divide" assets.
## Response Actions
- **Containment:** Activation of regional "Iron Dome" and "Patriot" batteries to intercept IRGC missiles.
- **Eradication:** Precision strikes against IRGC naval assets (Jamaran-class corvette) to prevent naval blockades.
- **Recovery:** US CENTCOM reinforcing regional assets to stabilize the "Operation Epic Fury" campaign.
## Lessons Learned
- **Leadership Vulnerability:** Centralized Command-and-Control (C2) in Iran proved highly vulnerable to coordinated leadership strikes.
- **Proxy Resilience:** Disruption of Tehran's central leadership did not immediately stop decentralized attacks by regional proxies.
- **Multi-industry Impact:** Conflict in this region immediately translates to maritime and energy sector risk (90% traffic reduction).
## Recommendations
- **Critical Infrastructure:** Organizations in the US, Israel, and Gulf states should harden defenses against Iranian state-sponsored cyber retaliation.
- **Maritime Security:** Implement alternative routing for shipments scheduled through the Strait of Hormuz.
- **Cyber Vigilance:** Defend against influence operations aimed at exploiting domestic political divisions during the conflict.