During the opening weeks of March 2026, we have observed a sophisticated convergence of kinetic cyber warfare, coordinated hacktivism, and state-sponsored APT (Advanced Persistent Threat) operations.

‍

Below are the most technically significant cases currently redefining the digital battlefield:

‍

Cybercriminals & Starlink

‍

During a total internet blackout in Iran, where national connectivity plummeted to near zero, a group linked to the Iranian MOIS (Handala Hack Team) maintained offensive momentum by utilizing Starlink IP addresses.

‍

Technical Analysis:

Correlation of Traffic: With 99% of the nation offline, the residual active traffic originating from satellite terminals allowed investigators to correlate offensive operations directly with specific infrastructure.

OPSEC Vulnerabilities: These terminals emit a detectable electromagnetic spectrum. The ability to physically geolocate these units presents a massive Operations Security (OPSEC) challenge for attackers who assume satellite connectivity grants them anonymity.

‍

The first documented electronic warfare attacks against Starlink

‍

Researchers have identified GPS spoofing specifically targeting Starlink terminals—a tactic previously reserved for high-level military theaters.

‍

Technical Data of Interest:

• The terminal successfully identified 18 valid GPS satellites but triggered onboard anti-spoofing protocols.
• The system forced a transition to inhibitGps: true mode.
• The satellite beam deviated by approximately 1° from its target.

‍

Operational Impact: While the connection remained technically "active," the signal degradation rendered the service practically unusable for high-stakes operations.

‍

Russian EW Tech: Interfering with satellite comms

‍

Evidence suggests that specialized Russian Electronic Warfare (EW) systems are being deployed to disrupt satellite-based internet:

• Kalinka: Engineered specifically for the jamming of satellite internet signals.
• Tobol: A defensive system repurposed to facilitate GPS interference.
• Murmansk-BN: A long-range strategic military jammer.

These systems are capable of inducing packet loss ranging from 30% to 80% across targeted geographic sectors.

‍

Coordinated hacktivist surge following kinetic strikes 

‍

Following the geopolitical escalation on February 28, 2026, we detected the simultaneous activation of over 60 hacktivist groups. This reflects a shift toward "distributed attack ecosystems" with rigid geopolitical alignments.

‍

Key Players and Tactics:

Cyber Islamic Resistance: Specializing in high-volume DDoS and web defacement.

Dark Storm Team: Executing large-scale ransomware campaigns and DDoS.

NoName057(16): Specifically targeting critical Israeli infrastructure.

FAD Team: Deploying destructive Wipers and gaining unauthorized access to SCADA/PLC systems in industrial environments.

‍

Conclusion

One of the aspects that strikes most is how infrastructure designed to resist censorship – such as satellite internet – has transitioned into a primary platform for offensive operations.

‍

The more we depend on technology to maintain global stability, the more imperceptible the battlefield becomes. And this is probably just the beginning.

‍

_{Author: José Israel Nadal Vidal, Quantum Vulnerability Researcher | vCISO | OT Cybersecurity | Cloud Security Engineer | ISO 27001 LA/LI | ISO 22301 LA/LI | DPO | ENS | Cybersecurity Professor RED TEAM / BLUE TEAM | Psychological Operations | Collaborator RCC.Advisory}