🇮🇷 IR

Electronic Operations Room

Also known aselectronic_operations_room

Electronic Operations Room is described in the provided content as a newly formed pro-Iranian hacktivist or state-aligned persona/collective. It is listed alongside Handala Hack, Cyber Islamic Resistance, Dark Storm Team, and APT Iran as one of the actors that claimed responsibility for over 150 retaliatory cyber operations between February 28 and March 1, during a period of rapid cyber escalation tied to the Iran conflict described in the source. The reported operations attributed collectively to these actors included DDoS attacks, website defacements, wiper malware, ransomware, and claimed industrial-control-system intrusions, with targeting spanning Israeli and Western organizations across energy, finance, healthcare, and critical infrastructure sectors. The content does not provide additional specific attribution, sub-groups, or uniquely identified operations for Electronic Operations Room beyond its inclusion in that cluster of claimed activity.

Are they targeting you?

Know when an actor pivots toward your sector

Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.

Start free trial

OPERATIONAL PROFILE

Targeting

Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.

Who they target

Sectors the actor has been observed targeting.

Energy
Banks
Health Care Equipment & Services
Utilities

Where they target

Geographies tied to known operations.

🇮🇱 Israel

Where they're from

Attributed origin per open-source reporting.

ACTIVITY FEED

Recent activity

1 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

1 SOURCESView more in app

zenoxNews

Mar 25, 2026

Threat Intelligence: How Cybercrime Behaves in Geopolitical Conflict Scenarios - ZenoX - Artificial Intelligence for Cyber Security

Newly formed pro-Iranian cyber coordination cluster claiming retaliatory attacks during the conflict escalation.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: sector and geo overlap with your footprint, the IOCs they’re burning right now, detection coverage, and what to do next.

Start free trial

Target overlap

Match sector + geo + tech-stack targeting against your real footprint.

Tradecraft mapping

Every observed MITRE ATT&CK technique, grouped by tactic.

Malware arsenal

Families this actor is known to deploy, with IOCs and behavior.

Exploited CVEs

CVEs this actor has used in known campaigns.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Observables

Domains, IPs, and hashes tied to this actor, refreshed continuously.