Pro-Iranian hackers declare 'cyber war'... Rising demand for Korean cybersecurity [U.S.–Iran war]

Following the recent military clashes between the United States of America (U.S.), Israel, and Iran, a series of hacking declarations by pro-Iranian hacker groups has heightened tensions across the Middle East. These so-called "hacktivists," who attack security systems for political purposes, have been posting claims on the dark web and other channels that they have targeted government agencies, financial institutions, and industrial sectors in the region. As the Middle East undergoes rapid digital transformation and concentrates critical infrastructure such as military and energy facilities, demand for cybersecurity is expanding. With the current state of tension expected to continue, analysts say demand for Korean cybersecurity companies already operating in the Middle East is also likely to grow.

According to monitoring of the dark web and Telegram by the AhnLab Security Intelligence Center (ASEC) on the 4th, activity by pro-Iranian hacking groups has surged since the U.S. airstrike on Tehran. Their stated targets include government agencies in the Middle East, financial institutions, airports, Industrial Control System (ICS) environments, and payment platforms.

A group calling itself "FAD Team" announced on its Telegram channel that the six member states of the Cooperation Council for the Arab States of the Gulf (Gulf Cooperation Council, GCC) — including Qatar, Kingdom of Saudi Arabia (KSA), and Jordan — are on its target list. The group also claimed it had infiltrated control systems for wind power facilities in Israel and certain Middle Eastern countries and obtained access rights, describing this as revenge for the death of Iran’s Supreme Leader Ali Hosseini Khamenei. Another group, "313 Team," declared that Israel, Jordan, the United States of America (U.S.), KSA, and others are its targets, and asserted that it had temporarily disabled Jordan’s official government portal, as hacktivist manifestos continue to flood online.

Hacktivists have previously carried out attacks on key infrastructure in Middle Eastern countries. According to a report titled "Iran Advanced Persistent Threat (APT) Groups and Hacktivist Trends" provided by AhnLab TIP (Threat Intelligence Platform), an Advanced Persistent Threat (APT) group conducted large-scale Distributed Denial-of-Service (DDoS) attacks against 46 U.S. banks between 2011 and 2013. In 2020, they attempted to seize control of Israel’s water system Power Line Communication (PLC) infrastructure, and after the Gaza War broke out in 2023, they mounted combined campaigns against Israeli government agencies and companies involving hacking, ransomware, and propaganda.

The situation could create new opportunities for Korean cybersecurity firms active in the Middle East. In 2024, AhnLab partnered with Saudi cybersecurity company SITE to establish a joint venture called "Rakeen." AhnLab is currently supplying endpoint and network security product lines and plans to expand its business into other parts of the Middle East. That same year, Genians opened a local office in Dubai and secured a Saudi public institution as the first customer for its Endpoint Detection and Response (EDR) solution. In terms of customer numbers, the Middle East now accounts for the largest share of its client base. RaonSecure is in discussions to supply solutions such as Decentralized Identity (DID) services in the Middle East.



kaya@fnnews.com Choi Hye-rim Reporter