Iran remained under a near-total government-imposed internet blackout for more than 10 days, with Cloudflare Radar showing HTTP traffic falling by roughly 98% from pre-shutdown levels to below 1% of normal beginning around 07:00 UTC on February 28. Reporting indicates the disruption affected all major regions and the country’s largest networks simultaneously, including MCCI (AS197207), IranCell (AS44244), and TCI (AS58224), supporting assessments that the outage was a centrally coordinated national shutdown rather than a cyberattack or physical infrastructure failure.
At the same time, Iranian state and IRGC-linked messaging signaled an escalation of the wider conflict toward economic targets, warning that banks and commercial infrastructure tied to the U.S. and Israel could be considered legitimate targets after an alleged strike on a bank in Tehran. Iranian outlets reportedly named major technology firms including Nvidia, Microsoft, Google, Oracle, IBM, and Palantir in connection with facilities in Israel and the broader Middle East, while warning civilians to avoid areas near banks. Together, the reporting points to a broader campaign in which Iran is both restricting domestic connectivity and publicly threatening regional economic and technology infrastructure as the conflict expands.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
5 events from the most recent confirmed update back to the earliest known activity.
By April 11, Iran's nationwide internet shutdown had exceeded 1,000 hours and more than 43 days, making it one of the longest country-scale outages measured by NetBlocks. Reporting said authorities were sustaining the blackout through whitelisting on the National Information Network while also using military-grade jamming and severe criminal penalties to deter Starlink use.
On the 12th day of the conflict, Iranian state and IRGC-affiliated media said Iran would target economic centers and banks tied to the US and Israel after an alleged Israeli strike on a Tehran bank branch that reportedly killed employees. Tasnim published a list of alleged new targets linked to US military technology, naming companies including Nvidia, Google, Microsoft, Oracle, IBM, and Palantir, while Khatam al-Anbiya warned people to stay at least one kilometer away from banks.
Since the conflict began, Middle East data centers were reportedly affected by drone attacks, with Iran claiming it targeted AWS regional data centers in the UAE and Bahrain because they host US military workloads. The reporting framed these strikes as part of a broader expansion into infrastructure-related conflict.
Cloudflare Radar showed Iranian HTTP traffic staying below 1% of normal levels through at least March 10, indicating a centrally coordinated, near-total national blackout. Access was reportedly restricted to approved services on Iran's domestic National Information Network.
Around 07:00 UTC, Iran's nationwide internet traffic collapsed by about 98% as joint US and Israeli military strikes began. NetBlocks assessed the outage as a government-enforced shutdown rather than the result of cyberattack or physical infrastructure damage.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
3 references tracked. Mallory keeps watching after this page renders.
tomshardware.com
Open sourcecybersecuritynews.com
Open sourcetomshardware.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.