Armed conflicts today are rarely confined to physical battlefields. Increasingly, geopolitical tensions spill into cyberspace, where state-sponsored hackers, proxy groups and opportunistic cybercriminals conduct operations designed to disrupt economies, influence public perception and retaliate against perceived enemies.
The escalating conflict involving Iran, the United States and Israel is a prime example. While the most visible aspects of the conflict involve military operations, cybersecurity experts and regulators have warned that U.S. financial institutions and consumers may face heightened cyber risk as part of the broader geopolitical confrontation.
For financial institutions, companies and consumers alike, understanding the cyber implications of geopolitical conflict is increasingly critical.
Cyber Warfare as an Extension of Military Conflict
Modern military strategy often integrates cyber operations alongside conventional warfare. During the ongoing conflict involving Iran, cyber operations have been used to disrupt communications, spread disinformation and target infrastructure in support of physical military objectives.
Cyber retaliation is also expected. Iranian state-aligned actors and affiliated hacktivist groups have historically targeted western entities, including, but not limited to, banks, infrastructure operators, medical institutions, energy companies and technology firms through techniques such as distributed denial-of-service (“DDoS”) attacks, data-wiping malware, phishing campaigns, credential theft, supply-chain compromises, website defacements, and disinformation operations. Security analysts note that pro-Iranian hacker groups are already expanding their activity beyond the Middle East and increasingly probing U.S. networks. In short, cyberspace has become a parallel battlefield.
Since February 28, 2026, the date the conflict started, the following events have occurred that are linked to Iranian threat-actor activity:
- The hacking group “Handala” claimed to have breached Israeli energy companies, including Sharjah National Oil Corporation and Israel Opportunity Energy, in March 2026, and reported stealing over 1.3TB of data, including financial records.
- Handala was also linked to the cyberattack on medical equipment and technology provider, Stryker, which occurred around March 11, 2026.
- Website domains linked to Handala were seized by the FBI after threat actors published sensitive personally identifiable information belonging to approximately 190 individuals associated with or employed by the Israeli Defense Force and/or Israeli government.
- The New York Department of Financial Services alerted financial institutions to increase vigilance due to the elevated risk of targeted attacks from Iran.
What Types of Cyberattacks are Used on Financial Institutions?
DDoS attacks are historically the most common wartime cyberattack against banks and financial institutions. These attacks flood a bank’s online services with massive traffic from compromised devices, overwhelming the systems and causing online banking outages, mobile banking failures, ATM network disruptions and payment processing slowdowns.
Adversaries use DDoS attacks because they are low cost, relatively easy to launch and create highly visible disruption to the public. This creates panic or loss of confidence in financial systems. Iranian-linked actors previously conducted a large DDoS campaign against U.S. banks between 2011 and 2013, coined “Operation Ababil”. These attacks resulted in millions of dollars in remediation costs for the targeted firms and led many financial institutions to re-tool their cybersecurity practices.
Another tool used by threat actors is data-wiping malware, which is designed to destroy data rather than steal it. When deployed against financial institutions it can: (i) destroy transaction records; (ii) disable payment systems; (iii) corrupt databases; and (iv) shut down internal banking operations.
Data-wiping malware is used because it creates maximum disruption, causes long recovery times and can cripple financial infrastructure.
Additionally, credential theft and phishing campaigns are frequently used by nation-state actors to target bank employees and executives through sophisticated social engineering campaigns. These attacks attempt to steal employee login credentials, VPN access, administrative privileges and email accounts. Credential theft and phishing provide internal network access and enable espionage or later destructive attacks. They often bypass technical defenses by exploiting human behavior and reactions. These attacks often increase during wartime because attackers craft phishing messages referencing breaking news or political events.
Banks also rely heavily on third-party vendors, such as cloud providers, payment processors, core banking software providers and fintech integrations. Instead of attacking the bank directly, attackers compromise a trusted vendor, which then spreads malware or malicious code into multiple banks simultaneously.
Another wartime strategy is attempting to steal money directly from financial systems. Attackers may target SWIFT messaging systems, international wire transfers, payment settlement platforms and interbank transfer systems. If successful, this results in direct financial gain for adversaries, permitting economic sabotage and continued funding of geopolitical operations.
Why Financial Institutions are High-Value Targets
Financial institutions historically rank among the most attractive targets for geopolitical cyber operations for the following reasons:
- Economic Disruption – Attacking banks, payment processors or financial market infrastructure can create widespread economic instability. Cybersecurity analysts have warned that Iranian-aligned actors could specifically target financial institutions perceived to support United States or Israeli interests. Because financial systems are highly interconnected, even short disruptions can ripple across the broader economy. For adversaries seeking asymmetric leverage, this makes banks an efficient pressure point.
- Psychological and Political Impact – Disruptions to consumer banking services, such as online banking outages or ATM failures, can quickly erode public confidence in financial systems. In times of geopolitical tension, adversaries often seek to undermine public confidence in institutions, and attacks on financial systems can amplify fear, uncertainty and political pressure. Even a brief outage at a major bank can quickly become headline news, which is precisely the type of visibility adversaries seek.
- Data and Intelligence Value – Banks and fintech companies store vast amounts of sensitive data, including personally identifiable information, account credentials, transaction histories and identity verification records. Such data can be used for espionage, financial fraud or geopolitical leverage.
- Disruption of National Infrastructure – In many countries, financial systems are classified as critical infrastructure. In the United States, the Financial Services Sector is formally recognized by the Department of Homeland Security as one of the nation’s critical infrastructure sectors because banking systems support national commerce, government payments, defense contracting, supply chains and capital markets. As a result, attacks on financial institutions can indirectly affect other critical sectors, such as energy, healthcare and transportation.
- Funding Opportunities for Adversaries – Some cyber operations targeting banks are motivated by financial gain that supports geopolitical activities. State-sponsored or state-tolerated cyber groups may attempt to steal funds through fraudulent wire transfers, manipulate payment systems, conduct ransomware attacks or steal cryptocurrency assets. These operations can provide revenue streams that help fund sanctioned regimes or hostile activities.
For financial institutions operating in the United States, heightened geopolitical cyber risk carries important legal and compliance considerations, including regulatory cybersecurity expectations under federal banking regulations, compliance with the Gramm-Leach-Bliley Act Safeguards Rule, state-level data-breach-notification laws and incident reporting obligations under federal banking regulations.
Regulators increasingly expect financial institutions to maintain robust cyber resilience programs capable of defending against nation-state level threats.
Heightened Regulatory Attention
U.S. regulators have begun warning financial institutions to adopt heightened cyber vigilance in response to the geopolitical situation. Regulatory agencies and financial authorities like the New York Department of Financial Services have encouraged banks and other financial institutions to: (i) increase monitoring for suspicious network activity; (ii) review incident response and business continuity plans; (iii) implement enhanced authentication protocols; and (iv) strengthen vendor risk management practices. Regulators have emphasized the need for clear communication plans to manage consumer panic if cyber incidents occur. This reflects a broader shift in regulatory thinking. Cybersecurity is increasingly viewed as a systemic financial stability issue rather than just a simple IT risk.
Legal and Compliance Implications for Financial Institutions
For financial institutions operating in the United States, cyber threats tied to geopolitical conflict raise several legal and regulatory considerations, including:
- Data Breach Notification Laws – If cyber activity leads to unauthorized access to consumer information, institutions must comply with state-level data-breach-notification statutes and sector-specific laws, such as: (i) the Gramm-Leach-Bliley Act Safeguards Rule; (ii) state financial data protection laws; and (iii) federal banking regulator incident reporting rules.
- Third-Party Vendor Risk – Many cyber incidents originate through third-party vendors. Financial institutions must ensure that vendors, including fintech partners and cloud providers, maintain adequate cybersecurity controls.
- Incident Response Preparedness – Regulators increasingly expect institutions to maintain documented incident response plans capable of addressing nation-state level threats.
The Evolving Nature of Cyber Geopolitics
The conflict involving Iran, the United States and Israel illustrates a broader reality—geopolitical conflict now extends into the digital infrastructure that underpins the global economy.
Financial institutions sit at the center of that infrastructure, making them both strategic targets and critical guardians of economic stability. For cybersecurity and privacy professionals, the lesson is clear: cyber resilience is no longer purely a technical function, but a strategic and legal necessity in an era of digital warfare.
Should you have any questions or needs related to data privacy and cybersecurity, please do not hesitate to reach out to one of our data privacy and cybersecurity attorneys at Dinsmore.