UK businesses operating in the Middle East have been warned to heighten their cyber security measures following escalating tensions and attacks involving US and Israeli forces.
The National Cyber Security Centre (NCSC) issued guidance stating that organisations with offices or supply chains in the region face an “almost certain” risk of indirect cyber threats linked to Iran.
Despite a severe bombing campaign that has targeted Iran’s political and military leadership – including the reported death of Supreme Leader Ayatollah Ali Khamenei – the NCSC said Iranian state-linked hackers remain a credible threat.
“Iranian state and Iran-linked cyber actors almost certainly currently maintain at least some capability to conduct cyber activity,” the agency said in its alert published on Monday.
The warning highlighted that while the direct cyber threat to the UK itself is unlikely to have increased significantly, companies operating in the Middle East could face collateral risks from Iran-linked hacktivist activity. Firms were urged to strengthen IT monitoring and follow NCSC guidelines for operating under heightened cyber threat conditions.
Jonathon Ellison, NCSC director for national resilience, stressed that UK organisations, particularly critical infrastructure providers such as airports and power stations, must act promptly to protect themselves.
“In light of rapidly evolving events in the Middle East, it is critical that all UK organisations remain alert to the potential risk of cyber compromise, particularly those with assets or supply chains in regions experiencing tension,” Ellison said.
Iran has been linked to several high-profile cyber-attacks in the past, targeting US banks, Saudi Aramco, and the Las Vegas Sands hotel and casino between 2012 and 2014.
Rafe Pilling, director of threat intelligence at Sophos, said the UK is unlikely to be a primary target for Iranian cyber attacks. However, British firms could still be affected opportunistically by state-backed hackers and hacktivist groups.
“A lot of these groups act opportunistically. They will target organisations that are convenient or vulnerable,” Pilling said. He added that while Iran’s cyber capabilities are not on the scale of China or Russia, past attacks demonstrate the country can still inflict substantial disruption.
US cybersecurity firm CrowdStrike has reported increased activity from Iran-linked hackers, including distributed denial-of-service (DDoS) attacks aimed at overwhelming company servers.
Cynthia Kaiser, former FBI cyber division official and senior VP at Halcyon, described Iran’s cyber operations as “a murky blend of state sponsorship, personal profiteering, and outright criminal activity.” She warned that Tehran could mobilise cyber actors in retaliation to US or Israeli military actions.
Halcyon has observed Iranian-linked efforts to exfiltrate data from organisations holding sensitive personal records, likely to identify potential dissidents. Kaiser added that companies operating in the Middle East also face the risk of physical attacks on datacentres, which could disrupt business operations until systems are restored.
The NCSC advised UK firms with regional exposure to maintain robust cybersecurity protocols, conduct regular threat assessments, and prepare contingency plans for potential disruption to IT infrastructure.
