The cyber warfare component of Operation Epic Fury, the joint U.S.-Israeli military operation launched against Iran on February 28, 2026, remains completely classified. Despite overwhelming circumstantial evidence that massive cyber operations accompanied the kinetic strikes, neither the United States nor Israel has officially confirmed that specific cyber effects were brought to bear during the first 48 hours of the campaign. As Breaking Defense reported, there has been “no official word from the US or Israel that cyber effects were brought to bear,” even as Iranian internet connectivity collapsed to just 4 percent of normal traffic levels according to NetBlocks monitoring data.
What we do know paints a staggering picture. The Jerusalem Post characterized what happened to Iran’s digital infrastructure as potentially the “largest cyberattack in history.” Iranian navigation systems went dark, IRGC communications infrastructure was disrupted, and the country’s energy and aviation data systems were subjected to deep intrusions and denial-of-service attacks. Yet the specific tools, vulnerabilities exploited, and tactical methodologies behind these operations remain locked behind classification walls. This article examines what has been publicly confirmed, what remains hidden, why the classification matters for public accountability, and what the fallout could look like in the weeks ahead.
Table of Contents
- Why Does the Cyber Component of Epic Fury Remain Classified Despite Obvious Evidence?
- What Did the Cyber Operations Actually Target Inside Iran?
- USCYBERCOM’s Role Beyond the Battlefield
- The Accountability Problem With Classified Cyber Warfare
- The Risk of Iranian Cyber Retaliation
- What the Internet Blackout Revealed About Cyber-Kinetic Integration
- When Will the Public Learn What Actually Happened?
- Conclusion
- Frequently Asked Questions
Why Does the Cyber Component of Epic Fury Remain Classified Despite Obvious Evidence?
The gap between what the world can observe and what the U.S. government will acknowledge about the cyber operations in Epic Fury is unusually wide. NetBlocks, an independent internet monitoring organization, confirmed that Iranian connectivity plunged to 4 percent of normal levels, a near-total nationwide shutdown that deepened rapidly from an initial 46 percent drop. When a country of 88 million people essentially vanishes from the internet in a matter of hours during a military operation, it does not take a classified briefing to understand that cyber operations were involved. Yet the pentagon has said nothing. The reason is straightforward, even if it is frustrating from a transparency standpoint. Confirming specific cyber capabilities reveals what the United States and Israel can do, which in turn reveals what adversaries need to defend against. Every disclosed tool or tactic has a shelf life.
The Stuxnet operation against Iran’s nuclear centrifuges, exposed publicly in 2010, became a case study in how revelation of cyber weapons leads to patching, adaptation, and proliferation. The classification of Epic Fury’s cyber component follows the same logic, but at a far larger scale. If U.S. Cyber Command used novel techniques to collapse Iranian communications and radar networks, acknowledging those techniques would allow Iran, Russia, and China to harden their own systems against them. The comparison to conventional weapons is instructive. When the United States drops a JDAM or launches a Tomahawk missile, the weapon type is publicly known, widely exported, and thoroughly documented. Cyber weapons are different. Their effectiveness depends entirely on the target not knowing about the vulnerability being exploited. This makes classification not merely a bureaucratic reflex but a genuine operational necessity, though it also means the American public may never learn exactly what was done in their name.
What Did the Cyber Operations Actually Target Inside Iran?
Based on publicly available reporting and analysis from defense and cybersecurity outlets, the cyber operations during Epic Fury targeted several overlapping systems. Electronic warfare disrupted Iranian navigation and communications systems. DDoS attacks and deep intrusions struck data systems tied to Iran’s energy and aviation infrastructure. IRGC communications infrastructure was specifically hit to prevent coordination of counterattacks and disrupt the ability to launch drones and ballistic missiles. Several Iranian news websites were also hacked amid the wider cyber activity. The targeting logic appears to have been layered. Space-based intelligence, electronic warfare aircraft, and cyber support elements likely degraded radar coverage, air defense coordination, and facility communications during the opening phase of the operation. In practical terms, this means Iranian air defense operators may have been unable to communicate with each other, radar screens may have gone blank or displayed false information, and command-and-control nodes may have been unable to relay orders to missile batteries.
If that is what happened, it would explain why the kinetic strikes achieved their objectives with relatively limited resistance. However, a critical limitation applies here. Almost everything in the preceding paragraph is inference. Analysts from CSIS, Breaking Defense, and other outlets have described how cyber operations “could have been used,” but they are careful to note that confirmation does not exist. The distinction matters. It is one thing for defense analysts to reverse-engineer probable tactics from observable effects. It is another for the U.S. government to confirm, deny, or take responsibility for those actions. Until declassification occurs, and it may not for decades, the public record will consist of educated speculation built on solid but incomplete evidence.
USCYBERCOM’s Role Beyond the Battlefield
U.S. Cyber Command’s involvement in Epic Fury reportedly extended beyond military disruption into information warfare. According to the Jerusalem Post, the United States used cyber operations to reach out to senior Iranian officials, IRGC members, and security forces with messages encouraging defection and regime change. This is a significant expansion of cyber operations from the tactical, knocking out radar and communications, to the strategic, attempting to fracture the internal cohesion of the Iranian regime. This approach carries historical echoes. During the 2003 invasion of Iraq, U.S. forces sent text messages and made phone calls to Iraqi military commanders urging them to surrender or stand down.
The cyber equivalent in 2026 is presumably more sophisticated, potentially involving compromised communications channels, targeted messaging to specific individuals based on intelligence profiles, and manipulation of information environments that Iranian officials rely on. Whether this effort has produced results is unknown, though the mere existence of such a campaign suggests that USCYBERCOM views psychological operations as inseparable from technical disruption. One notable incident highlights the fog of war in the information space. A viral message falsely attributed to USCYBERCOM circulated among U.S. troops, instructing them to disable location services and uninstall certain apps from their phones. Cyber Command officials denied issuing any such guidance. This episode is a useful reminder that information operations cut in multiple directions. If the United States is attempting to sow confusion and encourage defection inside Iran, it is reasonable to expect that Iran and its proxies will attempt the same against American forces, and in at least one instance, they appear to have succeeded in generating confusion.
The Accountability Problem With Classified Cyber Warfare
The complete classification of Epic Fury’s cyber component creates a genuine tension between operational security and democratic accountability. When the U.S. military drops bombs, the public can see satellite imagery of the damage, journalists can visit the sites, and congressional oversight committees can review targeting decisions. Cyber operations leave no craters. Their effects can be devastating, as the near-total collapse of Iranian internet connectivity demonstrates, but they are inherently invisible in ways that make oversight difficult. The tradeoff is real and does not have an easy resolution. On one side, declassifying cyber tactics would compromise future operations and potentially expose intelligence sources and methods. On the other side, allowing the executive branch to conduct operations of this magnitude without any public accounting sets a troubling precedent.
Congress has mechanisms for classified oversight through the intelligence committees, but the history of congressional cyber oversight is thin compared to the decades of institutional knowledge built around conventional military operations. The question is whether the existing oversight infrastructure is adequate for operations that the Jerusalem Post called potentially the largest cyberattack in history. For comparison, consider how the United States has handled other sensitive military capabilities. The existence of stealth aircraft was classified for years before the F-117 was publicly revealed in 1988. The drone strike program was an open secret for years before the Obama administration formally acknowledged it and established (limited) public guidelines. Cyber warfare is arguably following a similar trajectory, where capabilities are used extensively while the government maintains the fiction that it cannot confirm or deny their existence. Eventually, some version of the truth tends to emerge. The question is how long that process takes and how much has happened in the interim.
The Risk of Iranian Cyber Retaliation
Western cybersecurity experts are not waiting for official confirmation to prepare for consequences. Multiple sources indicate that the cybersecurity community is bracing for Iranian cyber reprisals against U.S. and Israeli targets. Iran has demonstrated significant cyber capabilities over the past decade, including destructive attacks against Saudi Aramco in 2012, intrusions into U.S. financial institutions, and campaigns against critical infrastructure across the Middle East. The warning is straightforward. Iran’s responses to Epic Fury are expected to include both cyber operations and physical attacks on U.S. and Israeli forces across the Middle East. From a cyber perspective, likely targets include U.S.
critical infrastructure, particularly energy and financial systems, Israeli government and military networks, and the infrastructure of Gulf states perceived as supporting the operation. The limitation that defenders face is that Iranian cyber capabilities, while less sophisticated than those of Russia or China, have historically been aggressive and willing to cause destruction rather than merely collect intelligence. What makes this moment particularly dangerous is the asymmetry. The United States demonstrated the ability to take an entire country largely offline. Iran cannot do the same to the United States. But Iran does not need to match that scale to cause serious damage. A successful attack on a regional power grid, a water treatment facility, or a financial clearinghouse would generate enormous disruption and political pressure. The classified nature of the U.S. cyber operations also means that deterrence messaging is complicated. It is difficult to deter an adversary by pointing to capabilities you refuse to officially acknowledge using.
What the Internet Blackout Revealed About Cyber-Kinetic Integration
The speed and depth of Iran’s internet collapse tells its own story about how cyber and kinetic operations were integrated. Initial reports indicated connectivity had dropped by at least 46 percent, but that figure deepened rapidly to the 4 percent level confirmed by NetBlocks. This progression suggests that the internet disruption was not a single strike but a rolling operation, potentially combining physical destruction of communications infrastructure with cyber attacks on routing and switching systems, and electronic warfare targeting wireless and satellite communications.
This kind of cyber-kinetic integration has been theorized and war-gamed for years, but Epic Fury may represent the first time it has been executed at this scale in a real conflict. The 2007 Israeli strike on a Syrian nuclear reactor reportedly included electronic warfare to blind Syrian radar, but that was a single-site operation. The 2022 Russian invasion of Ukraine involved cyber attacks on Viasat satellite communications, but those effects were limited and partially mitigated. Taking a nation of Iran’s size to 4 percent connectivity during an active military campaign is something qualitatively different, and the fact that nobody in an official capacity will discuss how it was done only underscores how closely guarded the methods are.
When Will the Public Learn What Actually Happened?
History suggests that significant details about Epic Fury’s cyber component will eventually enter the public record, but the timeline could be measured in years or decades. The Stuxnet operation, conducted around 2009 to 2010, was not officially acknowledged by the U.S. government for years, and much of the public understanding came from investigative journalism and independent security research rather than official disclosure. More recent cyber operations, including those against ISIS and Russian targets, have been discussed in general terms by officials but never in operational detail.
The most likely near-term sources of information will be congressional hearings where members make oblique references to classified briefings, investigative reporting that pieces together fragments from multiple sources, and analysis by cybersecurity firms that study the technical evidence from Iran’s network disruptions. For those who believe that a democracy should be able to evaluate what its military does, the classification of Epic Fury’s cyber warfare component is a problem without an obvious solution. The operational reasons for secrecy are legitimate. The democratic reasons for transparency are also legitimate. For now, secrecy is winning, and the full story of what may have been the largest cyberattack in history remains locked away.
Conclusion
Operation Epic Fury’s cyber warfare component represents a watershed moment in modern conflict, a demonstration of cyber-kinetic integration at a scale never before seen publicly, yet one that remains entirely unacknowledged by the governments that carried it out. The observable evidence, including Iran’s internet connectivity collapsing to 4 percent, IRGC communications going dark, and the disruption of air defense and missile launch capabilities, points to a coordinated and devastating cyber campaign. But the specific tools, tactics, and vulnerabilities exploited remain completely classified, leaving the public to rely on inference, expert analysis, and circumstantial evidence. The implications extend well beyond the immediate military operation.
The classification raises questions about democratic oversight of cyber warfare, the adequacy of existing congressional review mechanisms, and the ability of the public to evaluate the actions taken in its name. Meanwhile, the cybersecurity community is preparing for Iranian retaliation that could target U.S. and Israeli critical infrastructure. Whether the United States can deter such retaliation while refusing to officially acknowledge the capabilities it used is an open question, one that may be answered in the coming weeks not by policy papers but by events.
Frequently Asked Questions
Has the U.S. government confirmed any cyber operations during Epic Fury?
No. As of early March 2026, there has been no official confirmation from the United States or Israel that specific cyber effects were brought to bear during the operation. Breaking Defense explicitly noted the absence of any official acknowledgment despite strong circumstantial evidence.
How severe was the internet disruption in Iran?
NetBlocks confirmed that Iranian internet connectivity plunged to 4 percent of normal traffic levels, representing a near-total nationwide shutdown. The disruption deepened rapidly from an initial drop of at least 46 percent.
Did USCYBERCOM tell U.S. troops to disable location services during the operation?
No. A viral message falsely attributed to U.S. Cyber Command circulated with instructions for troops to disable location services and uninstall apps. Cyber Command officials denied issuing any such guidance.
What systems were reportedly targeted by the cyber operations?
Based on available reporting, cyber operations targeted Iranian navigation and communications systems, IRGC communications infrastructure, energy and aviation data systems, air defense coordination networks, and several Iranian news websites.
Is Iran expected to retaliate with cyber attacks?
Yes. Western cybersecurity experts are actively preparing for Iranian cyber reprisals against U.S. and Israeli targets. Iran’s responses are expected to include both cyber operations and physical attacks on U.S. and Israeli forces across the Middle East.
When will details about the cyber operations be declassified?
There is no established timeline. Based on precedent from operations like Stuxnet, significant details may not enter the public record for years or even decades. Most public understanding is likely to come from investigative journalism and independent security research rather than official disclosure.