The Army Without Borders: Iran’s Sixty Groups and the New Shape of War


The Army Without Borders: Iran’s Sixty Groups and the New Shape of War – 2026

When missiles fell on Tehran, Iran did not merely retaliate with missiles in return. It unleashed something far more patient, more pervasive, and arguably more consequential: a distributed digital insurgency that has since metastasised into one of the most sophisticated hybrid warfare ecosystems in modern history.

 

By Meer Yassir Ahmed

On the 28th of February, 2026, as the first American and Israeli strike packages crossed into Iranian airspace, something else crossed an invisible threshold, one that no radar could track and no missile defence could intercept. Within hours, a newly assembled “Electronic Operations Room” had come into existence, coordinating over sixty hacktivist and state-aligned cyber groups across three continents. By dawn, Jordan’s fuel distribution networks were compromised, an Israeli energy exploration company had been breached, and hospitals in Tel Aviv were receiving encrypted ransom demands. The kinetic war was only the most visible front. The deeper war had already begun.

To understand what Iran has constructed, one must resist the temptation to think of cyber warfare in the vocabulary of the last century, as a precision instrument deployed by a state against a state. What Tehran has engineered is something far more architecturally complex: a distributed insurgency in the electromagnetic domain, where state intelligence agencies provide doctrine, targeting priorities, and technical infrastructure, while a vast constellation of ideologically aligned, financially incentivised, and criminally entrepreneurial groups execute operations independently. The Iranian model, in this sense, does not merely copy the Russian playbook. It radicalises it.

 

This passage, from the most widely read book in human history, was not written for the cyber age. And yet it illuminates the Iranian strategic condition with unsettling precision. A state that believed itself protected by geography, ideology, and deterrence has been struck from above, and now, stripped of its supreme leader, its missile arsenals substantially degraded, and its internet access reduced to barely four percent of normal capacity, it strikes back not from strength, but from the disciplined, focused fury of the humiliated. History teaches us repeatedly that this is often the most dangerous adversary of all.

“Iran has not merely weaponised hackers. It has built a digital theology of resistance, and sixty congregations are now reciting its doctrine simultaneously.”

 

The Sixty: Architecture of a Cyber Army: The sixty-plus groups now active under Iran’s cyber umbrella do not form a monolith. They operate across a sophisticated spectrum. At the apex sits the Iranian Ministry of Intelligence and Security (MOIS), whose cyber unit, Handala Hack, has claimed responsibility for compromising an Israeli energy exploration company, Jordanian fuel infrastructure, and civilian healthcare networks in Tel Aviv. Handala is not a mercenary gang. It is an ideological extension of the Iranian state, named for the iconic Palestinian cartoon figure of resistance by artist Naji al-Ali. Its operations carry a political signature as deliberate as a diplomatic communiqué.

Below that apex lies a second tier: groups that operate with MOIS or IRGC technical support but maintain a degree of operational independence, APT33 (Refined Kitten), APT34 (OilRig), and Moses Staff among them. These groups have spent years embedding persistent access into Western telecommunications infrastructure, financial systems, and defence supply chains, not for immediate exploitation, but as strategic insurance policies. In the vocabulary of intelligence professionals, they are not conducting attacks. They are installing leverage.

The third tier, dozens of smaller hacktivist collectives, nationalist forums, and criminal actors, is perhaps the most significant analytical development of 2026. These groups require minimal coordination from Tehran. They draw on publicly available Iranian targeting guidance, are motivated by a combination of ideological solidarity and financial reward, and are essentially impossible to attribute with the legal certainty required for proportionate state response. The United States Cybersecurity and Infrastructure Security Agency has identified 136 common vulnerabilities and exposures currently being weaponised by this ecosystem. It is, by any serious measure, the most dangerous non-Russian cyber threat posture in the world today.

 

 


 

 

The Quran, the second most widely read book in human history, speaks with quiet authority to the psychology animating Iran’s hybrid war doctrine. Whether or not one accepts its theological claims, the strategic reality is this: Iran’s leadership, even in its most degraded hour, draws from a civilisational confidence that is not susceptible to conventional deterrence logic. A people who believe that righteousness will ultimately inherit the earth do not calculate retaliation the way a rational-actor model predicts. They are patient. They are distributed. And they are, from their own frame of reference, operating on the right side of history. This is not a sympathy argument. It is an intelligence assessment. Ignoring it has cost the West dearly before.

The Consequences for Global Security Architecture: The implications of the Iranian cyber model extend far beyond the immediate Middle East theatre. The Strait of Hormuz blockade has disrupted roughly twenty percent of globally traded oil. But the cyber component of this conflict has done something more insidious: it has demonstrated, conclusively, that a mid-tier state can impose disproportionate strategic cost on great powers through the deliberate cultivation of a distributed non-state cyber army. North Korea watched. China has taken notes. Non-state actors, from Hezbollah’s technical units to jihadist media cells, have observed how a sixty-group cyber ecosystem absorbs, redistributes, and multiplies state cyber capacity. This lesson will not be unlearned.

For India, and for this bureau in Srinagar, which sits at the convergence of the Pakistan-China-India tripoint, the Iranian precedent carries a direct warning. Pakistan’s intelligence apparatus has long cultivated proxy militant groups in the kinetic domain. The Iranian model suggests that the next iteration of this strategy may migrate comprehensively into cyber space. The ISI has studied Iranian methods carefully. Indian critical infrastructure (power grids, railway signalling, financial clearing systems, and the increasingly digital defence procurement ecosystem) must now be assessed against a threat posture that is explicitly Iranian in design and potentially Pakistani, Chinese, or non-state in execution.

Toward a Doctrine of Digital Statecraft: The international community has no adequate legal framework for what Iran has done. The laws of armed conflict were not written for the Electronic Operations Room. Attribution thresholds that protect state-sponsored cyber groups from consequence are, structurally, a gift to revisionist powers. The Budapest Convention on Cybercrime covers forty-six nations. Iran is not among them. The United Nations Government Group of Experts on cyber norms has produced careful language that authoritarian states ratify and immediately ignore.

What is required urgently is a doctrine of digital statecraft that combines three things: a credible international attribution mechanism with legal standing, a proportionality framework for response that does not require kinetic escalation, and a global infrastructure protection treaty with genuine enforcement teeth. None of these exist. Building them, in the middle of a hot war, while sixty cyber groups continue their operations, may be the defining diplomatic challenge of the decade.

The armies of the twenty-first century do not always wear uniforms or carry rifles. Some operate from rented servers in Minsk or Tehran or Lahore, deploying lines of code that can extinguish the lights in a hospital or detonate a refinery’s pressure valve from ten thousand kilometres away. Iran did not invent this model. But in the thirty days since Operation Epic Fury began, it has perfected it and released it into the world. That particular weapon, unlike a missile, cannot be shot down. It can only be understood, anticipated, and deterred through the patient, unglamorous construction of international norms that most governments still lack the will to demand. The war in the air is visible. The war in the wire may prove to be the one that actually reshapes the world.

 

 
