Critical infrastructure attack claims in Iran cyber war linked to desired physical attacks
Hacking groups supporting Iran claimed new hits against critical infrastructure sectors, with some saying they had manipulated control systems and the earliest attacker of this conflict declaring that details they had swiped about a commercial complex were released to make a physical attack easier.
Hider Nex, a pro-Palestinian Tunisian hacking group that emerged in mid-2025, published on its Telegram channel Saturday what it said was “sensitive and precise information” and building plans for the Azrieli Business Park in Herzliya, Israel, which “houses embassies and major companies.”
According to the Azrieli Group, their business park’s tenants include LG, CEVA and SolarEdge, and the seven-building complex also includes shopping and dining.
“Whoever wants to bomb it, everything is ready,” the Hider Nex post continued.
According to Radware’s March 3 report on retaliatory cyber strikes in the U.S.-Israel-Iran conflict, Hider Nex, also known as the Tunisian Maskers Cyber Force, launched the first retaliatory DDoS attack of the war — targeting Israeli telecommunications organization Bezeq on Feb. 28.
APT IRAN, which last weekend detailed an attack manipulating agricultural sector control systems in an incident the Jordanian government said was aimed at destroying a strategic wheat stockpile, claimed in a Saturday post on Telegram to have breached Jordan’s Bank al Etihad: “Since yesterday, we have taken control of parts of the bank’s technical infrastructure and have begun a continuous manipulation and access operation.”
“The initial intrusion was through a management system implemented in Jordan that created several unwanted backdoors to the bank’s main servers,” APT IRAN added. “We sincerely thank the contractor responsible for implementing this system.”
The group, which is closely linked to CyberAv3ngers and has previously focused on operational technology targets, also claimed to have breached “the management systems of the solar project in the Aqaba Special Economic Zone.”
“The project, implemented by ISAR Engineering, had serious vulnerabilities, including the use of an outdated version of FileManager. Through this file manager, direct access to the execution of code on the central server was obtained,” APT IRAN claimed. “The other side thinks it is confronting our group, but the reality is that if we decide, we can affect a significant part of the Jordanian people’s funds, including disrupting the functioning of ATMs, payment systems, and related infrastructure.”
Cyber Islamic Resistance has posted a variety of claims on its X account over the past few days, including images it said came from the camera system of an Israeli health insurance company and claims to have attacked the websites of hospitals and medical clinics. Claims were also posted about alleged breaches of websites in the financial sector and educational institutions.
The group also posted Saturday five batches of images that it said were “systems accessed and controlled by our mujahideen, as permitted for publication” related to a breach of the Prima Park Hotel and other locations in Israel. “The doors were closed, and electricity and water were cut off to the hotel and the surrounding areas,” a Cyber Islamic Resistance post on X claimed. “Control systems were targeted, and all customer data and documents stored on its servers were withdrawn and extracted. The lighting network at the Technion [Israel Institute of Technology] was completely targeted, as were the control systems associated with Haifa’s main power station, the main line, and the industrial zone.”
DieNet, which the Radware report said accounted for nearly 33% of total claims in the first few days of the conflict, said in a Friday Telegram post that it would be attacking websites of critical sectors in Azerbaijan “because of its excessive and ongoing cooperation with Israel and America.”
The post singled out the cooperation shown by Iran’s northern neighbor with the United States in the areas of defense, energy, technology, agriculture and infrastructure projects.
“Therefore, it is a 100% legitimate goal,” DieNet declared.