Business Tech
19-03-2026 | 12:50
Coordinated Cyberattacks Hit Lebanese State, Raising Alarms Over Sovereignty and Internal Security
A wave of Iran-aligned cyberattacks targeting Lebanese government and media platforms exposed critical vulnerabilities and sparked fears of politically driven digital warfare undermining state authority.
Lebanon’s digital infrastructure came under a coordinated wave of cyberattacks, disrupting government services, knocking key websites offline and exposing what officials describe as a direct challenge to the state’s sovereignty.
By Wednesday, a number of Lebanon’s primary government websites, including domains associated with the presidency and several ministries, were either inaccessible or severely degraded. Major media outlets (MTV and Lebanese Forces sites) were also targeted, with at least one website defaced and others rendered intermittently unavailable. The scale and precision of the attacks have led senior officials to characterize the operation as far more than routine cyber disruption.
The attacks have been claimed by the Fatemiyoun Electronic Team, a pro-Hezbollah, pro-Iranian cyber group widely assessed by threat intelligence firms to operate within networks aligned with Iran’s Islamic Revolutionary Guard Corps and its regional proxies. While the group presents itself as an ideological hacktivist collective, its targeting patterns and timing suggest a level of coordination consistent with organized proxy activity.
“This was not random. It was not opportunistic,” said Cyrille Najjar, Senior Advisor at the Office of the Ministry of State for Information Technology and AI. “The targets were chosen. Media outlets that oppose Hezbollah. Government entities that have taken positions against it. This was selective pressure, applied with intent.”
According to threat intelligence findings, the campaign began around March 15 with attacks on Lebanese media organizations, before escalating sharply on March 18 to include core government systems. In at least one instance, warnings were issued to Lebanese authorities regarding media coverage prior to the attacks, reinforcing the view that the operation was designed to coerce, silence and destabilize.
The primary method used in the attacks was distributed denial-of-service, or DDoS, overwhelming servers with massive volumes of traffic. In parallel, application-layer attacks were deployed to exhaust backend systems and prolong outages. Analysts observed that multiple government subdomains were targeted in rapid succession, demonstrating both coordination and operational capacity.
But beyond the technical execution, officials say the implications are political and legal.
“When a proxy group aligned with a domestic political actor conducts coordinated attacks against state institutions, this cannot be treated as a mere cyber incident,” Najjar said. “It raises the question of whether we are witnessing an act of hostility carried out through intermediaries.”
The framing is stark, and deeply sensitive in Lebanon’s fractured political landscape. Hezbollah, a powerful political and military force within the country, has long operated at the intersection of domestic politics and regional conflict. While no official attribution has yet been issued by the government, the alignment between the attackers’ targets and Hezbollah’s known political adversaries has intensified scrutiny.
For Najjar, the issue is no longer abstract.
“How can a minister sit in the Council of Ministers while their own political alignment is associated, directly or through proxies, with attacks on the Presidency and other ministries?” he asked. “This is not theoretical. This is an active campaign targeting the state. It challenges the very notion of collective governance.”
He added that the situation raises fundamental questions about legitimacy and accountability. “If the state is being targeted from within its own political ecosystem, then we are facing a breach of sovereignty that goes beyond cybersecurity. It becomes a matter of national security and integrity.”
Cybersecurity experts caution that while the current wave of attacks appears primarily focused on disruption, the risk of escalation remains significant. “DDoS is often the first layer,” Najjar said. “In previous campaigns, it has been followed by data exfiltration, leaks and psychological operations designed to intimidate and destabilize.”
Indeed, elements of that pattern are already emerging. The attackers have circulated propaganda content, issued direct threats and reportedly exposed personal information linked to media personnel. Such tactics are designed not only to disrupt systems, but to shape perception and behavior.
Despite the widespread outages, there is no immediate evidence of irreversible damage to critical infrastructure. However, the incident has exposed longstanding weaknesses in Lebanon’s cyber defenses, including fragmented systems, limited mitigation capacity and inconsistent security standards across institutions.
Emergency response efforts are underway to stabilize affected systems, reroute traffic through protective filtering services and secure exposed assets. At the same time, it has become urgent to create a national cybersecurity task force to coordinate response and strengthen resilience across the public sector.
But for officials like Najjar, the stakes extend far beyond technical recovery.
“This is a test of the state,” he said. “Not just of our systems, but of our political coherence. You cannot defend a nation externally if its internal structure tolerates actors aligned with those applying pressure against it.”
As Lebanon confronts overlapping crises, the events of the past 24 hours have forced a difficult reckoning. In an era where conflict increasingly unfolds in cyberspace, the boundaries between external threat and internal fracture are becoming harder to ignore.