The outlook on such “hacktivist” groups — hackers who attempt to penetrate systems and steal information for political activism — comes days after The Washington Post reported that Russia is supplying Iran with intelligence to help target U.S. forces in the Middle East and adds another dimension to the already complex cyber and information environment surrounding the war.

One well-known pro-Russia group dubbed “NoName057(16)” recently claimed massive distributed denial-of-service attacks against Israeli defense contractors and also claimed to have gained full access to the human-machine interfaces of Israeli water management systems, said Kathryn Raines, a cyber threat intelligence team lead at cybersecurity firm Flashpoint. But company analysts have not verified these claims, she said.

Distributed denial-of-service hacks, known colloquially as “DDoS” attacks, overwhelm websites with large amounts of artificial internet traffic to stop legitimate users from accessing them.

CrowdStrike has similarly observed a surge in pro-Iran hacktivists with ties to Russia. In the first few days after the war broke out on Feb. 28, one Russia-aligned hacktivist group the company dubs “Z-Pentest” claimed responsibility for compromising several U.S.-based entities, said Adam Meyers, the company’s head of counter adversary operations. 

Those claims are also unverified, though “Western organizations should continue to remain on high alert for potential cyber response as the conflict continues and activity may move beyond hacktivism and into destructive operations,” he said.

The United States has long supplied Ukraine with intelligence and equipment to strike Russian targets within its borders. Now, as the war unfolds in Iran, Moscow could be seizing its own opportunity for retaliation by aiding Tehran.

“Russia is comfortable providing some proxy support to Iran, or at least taking advantage of an unstable situation,” Cynthia Kaiser, a former deputy director at the FBI’s Cyber Division, said in a LinkedIn post this weekend. “Expect exaggeration, but don't dismiss the underlying access. These groups regularly inflate the impact of their attacks for media attention. But they have caused real physical damage to critical infrastructure. Calling their bluff shouldn't mean ignoring the threat.”

“Russia has a variety of partner engagements with Iran that could prompt Moscow to get involved in the conflict, particularly if Russia perceives that U.S. military operations dragging out would further pull the White House’s focus from Ukraine,” said Justin Sherman, founder and CEO of Global Cyber Strategies, a Washington, D.C.-based research and advisory firm.

The Kremlin’s vast and complex cyber ecosystem allows it to leverage state elements, hired or coerced cybercriminals and patriotic hackers encouraged by propaganda to pursue its goals, Sherman said, explaining that “one of the benefits of Russia’s cyber web for the state is how the Kremlin can pick and choose its actors and capability sets as it pleases, depending on its needs.”

In a recent case, Russian state-backed groups initiated a massive global campaign targeting the Signal and WhatsApp accounts of officials, military personnel and civil servants, Dutch intelligence said Monday.

But Sherman said that attributing Russian-origin cyber operations is complex, and that analysts should try to examine which parts of Vladimir Putin’s government may have authorized an operation to better understand how Moscow would be aiding Iran in cyberspace.

Some are skeptical that Russia sharing targeting intelligence would translate directly into cyber support for Tehran.

“Russia providing intelligence assistance to the Iranian government to support kinetic strikes, and the idea of Russian cyber actors as implied by the conventional use of the phrase — i.e., those with a nexus to the Russian state — ‘joining the cyber aspect of this conflict’ are two very different things,” said Alex Orleans, a former National Security Council contractor and head of threat intelligence at Sublime Security.

“I have not encountered Russian APTs inserting themselves into a conflict to support a third-party and I’d be surprised if they did now,” he said, referring to “advanced persistent threat” groups that are typically well-resourced, highly skilled and backed by a nation-state.

Other analysts have not publicly attributed any hacktivist activity to a particular nation.

“While we have observed some initial hacktivist groups supporting the Iranian regime, these activities are in the very early stages. There is currently no clear indication that this is being directed by a state actor like Russia or Iran, and it remains difficult to verify,” said John Fokker, vice president of threat intelligence at Trellix. “That said, in any geopolitical conflict, it is common practice for involved countries to provide aid in various forms.”

Iran’s cyber capabilities have likely diminished in recent days, said Dave DeWalt, CEO of NightDragon, a venture capital firm that manages a portfolio of cybersecurity companies. 

“We’ve been monitoring almost every actor and every indicator of compromise that we possibly can, and we've seen next to zero activity … and that’s largely because we believe that most of their cyber operations have been dismantled physically,” he said in an interview.

Israel said last week it destroyed Iran’s cyberwarfare headquarters, though it’s not immediately clear how much effect that’s had on its cyber operations.

“We’ve seen little activity from [Iran] globally, that doesn’t mean that it’s completely dismantled,” DeWalt said. “I don’t have full confirmation, but I would tell you it certainly looks like no other case I've seen in 20 years, where we’ve seen such silence in the digital world from [Iran].”

Asked about whether China and Russia are sharing capabilities with Iran at this point, he said those nations may be keeping their distance, but there’s possible sharing of satellite, electronic warfare and radar-jamming services. “I would not be surprised at all,” he said.

Latest: “Today will be yet again our most intense day of strikes inside Iran,” Defense Secretary Pete Hegseth said Tuesday at the Pentagon. 

“We've already won in many ways, but we haven't won enough,” Trump said to Republican lawmakers Monday in Florida. “We're achieving major strides toward completing our military objective,” he told reporters later in the day. “And some people could say they're pretty well complete. We've wiped every single force in Iran out, very completely.” 

Shortly before those remarks and while the markets were still open, Trump told CBS News, “I think the war is very complete, pretty much…If you look, they have nothing left. There's nothing left in a military sense.” U.S. stock indexes climbed sharply after his remarks, and the price of oil eventually fell to around $92 per barrel by Tuesday morning after reaching a high of $119 on Monday.

Rewind: On Sunday evening, Hegseth said, “This is only just the beginning,” in an interview with “60 Minutes” of CBS News. “But this is not a remaking of the Iranian society from an American perspective,” Hegseth said. In Iraq and Afghanistan,” “a lot of foolish approaches were used. This is war. This is conflict. This is bringing your enemy to their knees. Now, whether they will have a ceremony in—in—in Tehran Square and—and—and surrender, that's up to them.” 

Hegesth’s Defense Department sent a similar message to the world on Monday afternoon, declaring on Twitter, “We have Only Just Begun to Fight.”

Trump was asked about the two different answers Monday evening. “You said the war is ‘very complete.’ But your defense secretary says ‘this is just the beginning.’ So which is it?” 

Trump replied: “You could say both. The beginning. It's the beginning of building a new country,” he said, and noted, “As we speak, they're being hit.” He then noted three developments administration officials have begun emphasizing this week amid allegations of strategic incoherence. “When you think about it, it's incredible. We wiped out a big navy, very powerful navy,” Trump said Monday. “The Air Force is gone, everything's gone. The missiles are down to a trickle. The drones are down to probably 25 percent and they'll soon be down to nothing. We'll have the—where they manufacture the drones are under fire.”

After a week in which White House officials gave at least 10 different reasons for going to war against Iran, Secretary of State Marco Rubio, like Trump, listed three objectives on Monday as well. “The goals of this mission are clear,” he said, “and it’s important to continue to remind the American people of why it is that the greatest military in the history of the world is engaged in this operation: It is to destroy the ability of this regime to launch missiles, both by destroying their missiles and their launchers; destroy the factories that make these missiles; and destroy their navy.”

On Tuesday morning, Hegseth added his own, slightly different take: the U.S. is fighting to destroy Iranian missile capabilities, destroy the Iranian navy and “permanently deny Iran nuclear weapons forever,” he said at a Pentagon press conference. Defense One’s Meghann Myers has more from that, here. 

Tehran’s response to the conflicting U.S. messaging: “Iran will determine when the war ends,” a spokesman for the Revolutionary Guards said Monday. Another Iranian general claimed, “We are prepared for ten years of war with the United States. At least ten years.” And the country’s deputy foreign minister alleged, “Iran has upper hand in war [and] will decide when it ends.” 

Related reading: “Iran Isn’t Winning This War,” But it might if the U.S. stops the bombing due to higher oil prices, the Wall Street Journal’s editorial board argued in a commentary Monday. 

Update: The first two days of the Pentagon’s Iran strikes cost $5.6 billion in munitions, the Washington Post reported Monday, citing three U.S. officials. “The estimate, shared with Congress on Monday, raises new questions about the Trump administration’s broad dismissal of lawmakers’ concerns that the Iran operation is quickly eroding the U.S. military’s readiness,” Noah Robertson writes. 

Two more media outlets report video evidence strongly suggests the U.S. military attacked an elementary school on the war’s first day, killing more than 150 people, including children: The New York Times and the Associated Press joined earlier reporting from Bellingcat and Reuters, which arrived at a similar likelihood after consulting video forensics and—in the case of Reuters—preliminary results of an internal Defense Department investigation of the incident. The school was located beside an Iranian military base in southern Iran, and that base was one of the earliest targets in the war beginning Saturday, Feb. 28. 

• Here is what is reportedly the last photo of Mikaeil Mirdoraghi, a third-grade student killed in the airstrike.
• “UN experts strongly condemn deadly missile strike on girls’ school in Iran, call for independent investigation,” the United Nations announced Friday; 
• “US/Israel: Investigate Iran School Attack as a War Crime,” Human Rights Watch said in a statement Saturday; 
• See also: “The Pentagon Cut Its Civilian Safeguards Before the Iran War,” via Missy Ryan, writing Monday for The Atlantic. 

Trump was asked about the school attack Monday, and even though the U.S. military is the only one in the conflict deploying Tomahawk missiles, the president seemed to suggest Iran may have used the missile observed moments before impact. “Whether it's Iran or somebody else, the fact that a tomahawk, a tomahawk is very generic. It's sold to other countries. But that's being investigated right now,” Trump said. AP called his allegation of Iran’s use of Tomahawks “erroneous.” 

“We take things very, very seriously and investigate them thoroughly,” Defense Secretary Hegseth told reporters Tuesday when asked about the school strike. 

Survey says: Most Americans still oppose the Iran war. “Even the highest level of public support for this conflict falls far lower than that at the start of most other conflicts, including World War II, the Korean War and the Iraq War,” the New York Times reported Tuesday. The gist: “So far, polls have found that most Americans oppose the Iran attacks. Support ranges from 27 percent in a Reuters/Ipsos poll to 50 percent in a Fox News poll. The wide variation suggests that public opinion is still taking shape as more Americans learn details of the attacks and the aftermath.”

Investor reax: “The risk of a 1970s scenario is rising,” one portfolio manager told Reuters Monday in an economic report on the risks of stagflation similar to the energy crisis that affected the U.S. and allies after Israel’s 1973 Yom Kippur war. 

Latest: Saudi Arabia's Aramco warned of “catastrophic consequences” if oil shipping through the Strait of Hormuz is paused much longer. “While ​we have faced disruptions in the past, this one by far is the biggest crisis the region's oil and gas industry has faced,” CEO Amin Nasser said in an earnings call Tuesday, according to Reuters.

Analysis: Hormuz is unusually hard to defend, Axios reported Monday. “The Strait, which carries roughly 25% of the world's seaborne oil supply, is approximately 21 nautical miles wide at its narrowest point, but the designated shipping lanes are far smaller—concentrating traffic into predictable corridors for Iran to monitor and target adversaries.” 

Commentary: “Take the win. Stop the war,” argues Will Walldorf, Wake Forest University professor and senior fellow at Defense Priorities, writing Monday in Defense One. “The American experience in Iraq, Libya, and Afghanistan have shown that taking out leaders is the easy part; it’s what follows that turns into a disaster,” he says. 

Additional reading: 

• “Markets bet that Trump will end Iran war soon despite threats from both sides,” Reuters reported Tuesday morning for its top story
• “Sinking Iran’s Frigate IRIS Dena and the Law of Naval Warfare,” which is a legal consideration of the March 4 Navy submarine attack on an Iranian ship, via Just Security writing Sunday; 
• “Trump’s Iran options include special operations raid on nuclear sites,” Semafor reported Tuesday; 
• “Drones hit the UAE as the country reports 2 new deaths,” AP reported Tuesday; 
• “Gas price spikes are slamming Senate battleground states,” Axios reported Tuesday;  
• “Trump Advisers Urge Him to Find Iran Exit Ramp,” the Wall Street Journal reported Monday; 
• And “Trump’s War in Iran, and Rising Gas Prices, Collide With Midterm Agenda,” the Times reported Monday. 

Welcome to this Tuesday edition of The D Brief, a newsletter focused on developments affecting the future of U.S. national security, brought to you by Ben Watson with Bradley Peniston. It’s more important than ever to stay informed, so we’d like to take a moment to thank you for reading. Share your tips and feedback here. And if you’re not already subscribed, you can do that here. On this day in 1987, Iran attacked three Kuwaiti ships as part of the Tanker War.

Around the Defense Department

Hegseth presses Defense civilians to deploy for immigration enforcement. The U.S. military is reupping its request for civilian employees to deploy to the southwest border to assist with immigration enforcement operations, with supervisors now facing a stronger push to solicit their staff to sign up for the details, Eric Katz of Government Executive reported Monday. The memo is dated Feb. 19, more than a week before the U.S. and Israel began the war in Iran, though it was delivered to employees on Monday. 

Hegseth encouraged “all who are interested” to volunteer for the detail, calling the work “vital to the national security of the United States.” According to an Army official, “With the potential for increased numbers of migrants in the interior of the United States territory and across the southwest border, [the Department of Homeland Security] needs volunteers to assist in its commitment to ensuring a safe and orderly immigration system.” Katz notes, “It was not immediately clear why the number of migrants entering the country could potentially increase—the Trump administration has consistently boasted that it has slashed the number of individuals illegally entering the country to record-low levels.”

“We all think it’s absurd,” one civilian said. The timing of the new push seemed to be a “bad look,” the person added, given the war the U.S. is currently waging against Iran. Continue reading, here. 

The U.S. military says it killed six more people in its 45th known strike targeting alleged drug traffickers off the coasts of Latin America. The latest strike occurred Sunday as the vessel transited “known narco-trafficking routes in the Eastern Pacific,” officials at Southern Command said in a statement Sunday. 

Notable: Critics have likened the strikes to a campaign of extrajudicial killings, and the administration has yet to share evidence supporting its claims that those aboard the boats were in fact trafficking drugs when they were killed. The New York Times maintains a tracker from the ongoing strikes, here. 

Anthropic sues DOD, Hegseth, other federal agencies. The AI company that was recently declared a “national security risk”—even as its tools were reportedly being used to plan strikes on Iran—filed suit on Monday with the U.S. District Court in the Northern District of California. The lawsuit “asserts that the government's actions after this disagreement—primarily the designation of the company as a supply-chain risk and alleged violations of its right to due process through a lack of ‘core requirements’ such as ‘adequate notice and a meaningful hearing’—constitute illegal retaliation,” reports Nextgov’s Alexandra Kelley. Read on, here.

New science on heat is changing the future of soldiering. “The U.S. military has been studying the effects of heat on troops for almost a century, dating to the 1927 establishment of the Harvard Fatigue Laboratory at the military's request. Still, soldiers’ and commanders’ approach to core physical tasks—think timed runs, strenuous outdoor activity, or environmental exposure—lags the growing body of science about heat risks, sometimes by years or decades. That may finally be changing under new initiatives to expand research into human performance,” reports Defense One’s Patrick Tucker, here.

The U.S. military is entering day 11 of its campaign to destroy Iranian missile capabilities, destroy the Iranian navy and “permanently deny Iran nuclear weapons forever,” Hegseth said at a Tuesday press briefing at the Pentagon. 

Asked about the White House’s quickly shifting timelines—Trump said on Monday that “the war is very complete”—his defense secretary hedged.

“So it’s not for me to posit whether it's the beginning, the middle, or the end,” Hegseth said. “That's his, and he'll continue to communicate that.”

The war isn’t “endless, not protracted, we’re not allowing mission creep,” he said, adding that Tuesday will be the “most intense” day of strikes inside Iran yet.

So far, the U.S. has hit more than 5,000 targets, including dozens of 2,000-pound bombs dropped on underground missile launchers, said Gen. Dan Caine, the chairman of the Joint Chiefs of Staff.

“We also have struck several one-way drone factories to get at the heart of their autonomous capability,” Caine said at the press conference. “And of course, alongside our regional partners along the southern flank, continue to execute intercepts against one way attack drones using fighters and attack helicopters.”

Iranian ballistic missile attacks are down 90 percent and drone attacks down 83 percent, Caine said, giving same figures as U.S. Central Command boss Adm. Brad Cooper gave at a press conference last Thursday.

Asked about Israel’s strikes on Iranian oil facilities, Hegseth said, “that wasn't our necessary objective,” but added that Israel is not leading the U.S. deeper into war.

“The president has made clear to those concerns that we're not getting pulled in any direction,” Hegseth said. “We're leading. The president is leading. He's determining where we want to go, what the outcome will be, what the end state is, with a very keen eye.”

After Trump accused the Iranian military Monday of using a Tomahawk missile to strike a girl’s school on Feb. 28, Hegseth reiterated that the U.S. is investigating the incident.

“No nation takes more precautions to ensure there's never targeting of civilians than the United States of America,” he said.

However, Hegseth last year gutted a congressionally-mandated Pentagon office that sought to reduce civilian harm in U.S. air strikes, created in response to thousands of civilian deaths during the campaign against ISIS in Iraq and Syria.

“From the boat strikes in the Caribbean, where every single strike is assessed, to this campaign here, no nation in history of warfare has ever attempted in every way possible to avoid civilian casualties, and frankly, that's a point that just isn't appreciated enough,” Hegseth said.

However, experts have questioned the legality of the administration’s attacks on suspected drug smuggling boats, determining that the people on board are indeed civilians until Congress authorizes military action against suspected drug cartel activity. 

Asked what the administration’s next steps will be after achieving its goals in Iran, Hegseth offered no specifics about Iran’s future leadership or any future deals that would control its ability to rebuild its conventional or nuclear weapons capabilities. 

“Ultimately, the aftermath is going to be in America’s interests,” he said.