This article first appeared on The Globe and Mail on March 03, 2026.
Cybersecurity experts are advising Canadian organizations and operators of critical infrastructure to be on the lookout for attacks from Iranian-linked groups as U.S.-Israeli strikes on the Middle Eastern country continue.
Pro-Iran “hacktivists” could target Canada because of the federal government’s support for the U.S. and Israeli military action, the Canadian Centre for Cyber Security cautioned in a notice this week.
Iranian state-sponsored threat actors are also likely to conduct cyberespionage against political activists, journalists and human rights advocates in Canada, according to the centre, which is part of the national cryptologic agency, the Communications Security Establishment.
“We assess that Iranian cyber threat actors will likely target opponents abroad, especially those advocating for regime change in Iran,” the agency said on Monday.
Global cybersecurity firms, meanwhile, are sounding the alarm about rising cyberattacks stemming from the conflict.
Tel Aviv-based cybersecurity firm Check Point Software Technologies Ltd. said it has witnessed a tenfold increase in activity by Iranian-linked threat actors since the war broke out on Feb. 28. The attacks include phishing attempts, websites being defaced and influence campaigns called “hack-and-leak” operations.
“The activity is not limited to Israel. It also includes attempts to impact additional countries involved in the conflict or perceived as aligned with one side of the confrontation,” the company said in a Tuesday statement.
Jamie Dimon, chairman and chief executive of JPMorgan Chase & Co., said on CNBC that banks could also become targets. Reuters reported that American cybersecurity firm CrowdStrike has identified denial-of-service attacks, which involve overwhelming the service provider’s system with superfluous requests, and reconnaissance activity likely linked to pro-Iranian threat actors.
Charles Finlay, executive director of Rogers Cybersecure Catalyst at Toronto Metropolitan University, noted that Prime Minister Mark Carney has publicly expressed support for U.S. and Israeli air strikes on Iran.
That could situate us as a target for Iranian-backed cyberattacks.
Mr. Finlay added, “I think there is cause for vigilance, but I wouldn’t say that there’s cause for panic.”
Canadian infrastructure is unlikely to be the highest priority for Iranian state-sponsored attackers, some experts say.
“We’re not actively flying planes in right now, so I don’t think we’re at the top of the menu,” said David Shipley, CEO of Canadian cybersecurity software firm Beauceron Security Inc.
However, ransomware attacks are expected to escalate as Iran faces a financial crisis.
“We have told clients, these are early days. The military action just happened last weekend,” said Imran Ahmad, co-head of cybersecurity and data privacy at Norton Rose Fulbright Canada LLP. “It is better to be extremely vigilant for the near future,” he added.
Over the weekend, a wave of cyberattacks accompanied the U.S.-Israeli strikes, according to news reports.
Iran experienced a near-total internet blackout on Saturday. News websites were hacked, and a religious calendar app called BadeSaba urged military personnel to give up their weapons and join the people.
Mr. Shipley called the attacks “the cyber equivalent of shock and awe,” adding, “it was like nothing we’d ever seen before.”
Mr. Finlay said it’s now common for cyberattacks to become an extension of physical combat between countries.
“The pattern is, as actual physical conflicts start, there’s an uptick in cyberconflicts related to the parties that are fighting,” he said. “We certainly saw that very significantly in Ukraine.”
The pattern is, as actual physical conflicts start, there’s an uptick in cyberconflicts related to the parties that are fighting.
He added, “We certainly saw that very significantly in Ukraine.”