
Physical & Cyber Strike Combined: 5 Warnings Iran's Hybrid War Sends to Korea's AI, Space, and Infrastructure Security

A massive cyberattack ran in parallel with the U.S.-Israel airstrike on Iran. Iran's Ministry of ICT declared a top-level cyber emergency, and as Iranian-linked hackers prepare retaliatory cyberattacks, Korea's AI foundation models, aerospace, and CBDC infrastructure are emerging as potential targets.

Flag of Iran — Symbol of Iran's Hybrid War

🔥 Why You Need to Read This Now: The Iran war is no longer just a Middle East story. The moment the guns fired, a keyboard war began — and its ripple effects are reaching Korea's national AI projects, aerospace infrastructure, and financial systems.


TL;DR

  • Confirmed: a large-scale cyberattack ran simultaneously with the U.S.-Israel strike on Iran on February 28
  • Iran's Ministry of ICT declared a top-level cyber emergency after attacks on national critical infrastructure and media organizations
  • Iranian state hackers are lying low, but Iranian proxy hacker groups are preparing for retaliation
  • Palo Alto Networks warning at MWC 2026: "A surge in cyber sidearms is imminent"
  • Korea's AI foundation model program, Nuri follow-on rockets, and CBDC have entered the list of potential retaliation targets

The Facts: What Happened

Shortly after the U.S. and Israel struck Iran's nuclear facilities and military leadership in the early hours of February 28, evidence emerged that parallel cyberattacks were launched alongside the physical strikes.

Iran's Ministry of ICT announced that "comprehensive cyberattacks have been carried out against national critical infrastructure and media organizations," declaring a top-level cyber emergency. Iran's state-run IRNA news agency was among the targets. As of March 3 (local time), Iran's state hacker organizations remain dormant, but security firms report that Iranian proxy (surrogate) hacker groups have entered a state of readiness for retaliation.

What is striking is that Iranian hackers are bypassing internet shutdowns via Elon Musk's Starlink to maintain operations (Forbes, March 2 report). This means their cyber operational capabilities are intact even as physical internet infrastructure has been destroyed.


Why It's Spreading Now

This Iran conflict is likely to be recorded as a textbook case of hybrid warfare. At MWC 2026 in Barcelona, Palo Alto Networks EMEA Chief Security Officer Scott McKinnon warned:

"When conflict breaks out, not only physical defense and attack systems but also 'cyber sidearms' are deployed together. I am confident that cyber activity will surge dramatically in the coming days."

Cybersecurity experts note that state hackers are either evacuating from bombing sites or lying low due to internet blackouts. Paradoxically, this is interpreted as a signal that a massive retaliatory cyberattack could erupt the moment the situation stabilizes.


Context: How Strong Is Iran's Cyber Capability?

Iran rapidly expanded its cyber capabilities after the 2010 Stuxnet attack. As of 2025, Iranian-linked APT groups have been targeting:

  • Financial infrastructure (SWIFT-connected banks, central bank systems)
  • Energy infrastructure (nuclear plants, refinery SCADA systems)
  • Satellite and communications systems
  • AI research institutions and semiconductor supply chains

The WEF 2026 Cybersecurity Report found that 64% of organizations ranked "geopolitically motivated cyberattacks" as their top risk, and 91% of large enterprises reported modifying their security strategies due to geopolitical instability.


Warning 1: Korea's AI Foundation Model Project

Korea's Ministry of Science and ICT is pursuing an independent national AI foundation model project in 2026. Five elite teams — including LG AI Research, SK Telecom, and Upstage — are competing, and all five models they developed have been listed on Epoch AI's "Notable AI Models" registry. AI infrastructure of such strategic value becomes a prime target for state-sponsored hackers. Training data poisoning, model weight theft, and GPU cluster ransomware attacks are the key threat scenarios.

Warning 2: Aerospace and Satellite Communications

The next-generation satellite programs being developed by the Korea Aerospace Research Institute (KARI) and private aerospace companies have ground control systems connected to the internet. Iranian-linked hacker groups have previously attempted to penetrate satellite control systems, and inducing satellite malfunctions or stealing data are realistic scenarios.

Warning 3: CBDC and Financial Infrastructure

The Bank of Korea's CBDC (Central Bank Digital Currency) pilot system and major banks' core banking systems could be targeted. Past attack patterns by Iranian-linked hackers include a combination of financial system paralysis and psychological warfare (triggering bank runs).

Warning 4: Energy Infrastructure SCADA Systems

The Industrial Control Systems (ICS/SCADA) of KEPCO and Korea Gas Corporation have already faced attack attempts from Russian, Chinese, and North Korea-linked hackers. In Iran's hybrid warfare model, energy infrastructure attacks are classified as a core strike objective.

Warning 5: Semiconductor Supply Chain and EUV Infrastructure

Samsung Electronics and SK Hynix's global semiconductor supply chains are already in the spotlight due to the Samsung Taylor plant delay issue this week. A cyberattack causing EUV lithography equipment software malfunctions or quality data manipulation could result in hundreds of billions of won in damages.


Outlook: How Long Will This Last?

Security experts believe that while Iranian state hackers are currently dormant, a large-scale retaliatory cyberattack is likely to strike within 1–3 months once the war stabilizes or Iran's internet is restored. Iranian proxy hacker groups (including IRGC-linked ones) are already active and may have already completed their target selection.

As a key U.S. ally and a nation possessing advanced technology in semiconductors, AI, and aerospace, Korea cannot rule out the possibility of being included on the secondary retaliation target list.


Checklist: What to Do Right Now

  • Conduct access privilege audits on AI development servers and GPU clusters
  • Review external access paths to satellite ground control systems
  • Strengthen anomalous transaction monitoring for SWIFT/core banking at financial institutions
  • Verify network segmentation of energy infrastructure ICS/SCADA systems
  • Issue spear-phishing and deepfake BEC attack warnings to employees
