
A new wave of cyber activism has swept across the digital landscape, with cybersecurity researchers documenting 149 distributed denial-of-service (DDoS) attacks targeting 110 organizations across 16 countries. The attacks, carried out by multiple hacktivist collectives, reflect how cyber operations are increasingly being used as tools of political expression and digital protest.
The attacks were recorded between February 28 and March 2, 2026, during which several hacktivist groups coordinated efforts to disrupt online services belonging to government institutions, businesses, and other organizations. According to cybersecurity researchers, the campaign involved 12 different hacktivist groups, though two collectives—Keymous+ and DieNet—were responsible for a significant share of the activity. Together, these two groups accounted for nearly 70% of the total attacks observed during this period.
Experts from cybersecurity firm Radware noted that the surge in attacks appears closely linked to ongoing geopolitical tensions, particularly in the Middle East. Hacktivist communities often mobilize in response to political developments or military actions, launching cyber campaigns that target entities they associate with opposing sides of the conflict. In this case, the threat landscape appeared “highly lopsided,” with a small number of active groups driving most of the disruptions.
The campaign reportedly began on February 28, 2026, when a hacktivist group known as Hider Nex, also referred to as the Tunisian Maskers Cyber Force, initiated attacks against several online targets. Threat intelligence analysts from Orange Cyberdefense describe Hider Nex as a relatively shadowy cyber collective that publicly supports pro-Palestinian causes. The group has previously been linked to politically motivated cyber activities aimed at disrupting websites and drawing attention to regional conflicts.
DDoS attacks remain one of the most commonly used tools in hacktivist campaigns because they are relatively easy to organize and can quickly disrupt online operations. In such attacks, perpetrators flood a website or online service with an overwhelming amount of traffic generated from multiple devices or compromised systems. As a result, legitimate users are unable to access the targeted service, effectively shutting it down for a period of time.
While these attacks typically do not involve direct data theft, they can still cause significant disruption to organizations by interrupting digital services, affecting business operations, and damaging public trust. For companies and institutions that rely heavily on their online presence, even temporary downtime can lead to financial losses and reputational harm.
Researchers also noted that many hacktivist groups combine DDoS campaigns with broader influence operations. In some cases, attackers follow up service disruptions with “hack-and-leak” tactics, where they attempt to breach systems and release sensitive information publicly to amplify their political messaging. Even when such breaches are unsuccessful, the publicity generated around these cyber campaigns can serve as a form of digital propaganda.
Another notable aspect of the recent attacks is the level of coordination seen among different hacktivist groups. Through online forums, encrypted messaging platforms, and social media channels, loosely connected collectives can quickly organize cyber campaigns and share lists of potential targets. This decentralized structure makes it difficult for authorities to track the origin of attacks or predict when new waves of activity might occur.
Cybersecurity analysts warn that hacktivist campaigns are becoming increasingly common as global conflicts play out not only on physical battlefields but also in cyberspace. Digital infrastructure, government websites, and corporate networks are often targeted because they provide high-visibility platforms for political statements and symbolic acts of protest.
As geopolitical tensions continue to influence cyber activity, experts say organizations around the world must remain vigilant. Strengthening DDoS mitigation systems, monitoring unusual traffic patterns, and improving incident response strategies are becoming critical components of modern cybersecurity defence. The latest wave of attacks serves as another reminder that the digital front line of global conflicts is expanding rapidly, affecting organizations far beyond the immediate regions involved in political disputes.




