Global Incident and Threat Intelligence Brief
Prepared for Executive Audience: March 3, 2026
Immediate and severe risk escalation across the Strait of Hormuz and Gulf of Oman due to confirmed kinetic strikes on multiple commercial vessels, resulting in casualties and prompting the Joint Maritime Information Center (JMIC) to elevate the regional threat level to CRITICAL. Concurrently, Iranian-aligned state and hacktivist cyber groups are conducting increased reconnaissance and disruptive operations (DDoS, hack-and-leak) targeting U.S., Israeli, and Gulf Cooperation Council (GCC) critical infrastructure and financial sectors following recent U.S.-Israeli military actions. The U.S. remains in a heightened domestic threat environment, highlighted by recent enforcement actions against Nihilistic Violent Extremists (NVE) engaged in online sexual coercion and against a major Mexican cartel’s financial fraud network.
Date: March 2, 2026 (Last 24-48 hours)
Location: Gulf of Oman / Approaches to the Strait of Hormuz
Key Actors: Unspecified hostile actors (presumed Iran-aligned forces or proxies)
- Multiple commercial carriers were struck by projectiles or drones, prompting the JMIC to assess the regional threat level as CRITICAL.
- The vessel MKD VYOM (IMO 9284386) sustained a projectile strike above the waterline, resulting in a fire and the death of an Indian national crew member.
- The vessel SKYLIGHT (IMO 9330020) was hit 5 nautical miles north of Khasab, Oman, resulting in four crew injuries and an evacuation.
- Widespread electronic interference, including GNSS/GPS jamming and AIS anomalies, is reported across the Gulf, complicating navigation and increasing collision risk.
- Maritime traffic through the Strait of Hormuz has dropped by 80 percent due to elevated risk, despite no formal legal closure.
Geographical Context: Attacks targeted essential international shipping lanes near the Omani and UAE coasts, impacting the chokepoint for global energy supply.
- Commercial operators should adhere to US MARAD Maritime Alert 2026‑001A, avoiding the wider Hormuz/Gulf of Oman area where possible. https://www.skuld.com/topics/port/port-news/asia/maritime-security-update-gulf-region–strait-of-hormuz-and-red-sea/
- Vessels must implement robust anti-spoofing and manual navigation protocols to counter severe GNSS/GPS interference.
Date: March 2, 2026 (Ongoing Surge)
Location: Global; Targets in the U.S., Israel, GCC countries, and India
Key Actors: Iranian State-Linked Threat Groups (e.g., Hydro Kitten, APT33), Pro-Iran Hacktivists (e.g., Handala Hack team, APTIran)
- Tehran-aligned groups have accelerated digital reconnaissance and are preparing for disruptive cyber activity following recent U.S.-Israeli strikes.
- Primary targets include government, critical infrastructure (energy, telecom), financial services, and defense-adjacent commercial entities.
- The threat actor Hydro Kitten has issued specific threats targeting the financial services sector.
- Observed activity consists largely of Distributed Denial-of-Service (DDoS) attacks, website defacements, and claims of compromise, many of which remain unverified by trusted intelligence.
- Indian critical infrastructure (IT service providers, financial institutions, telecom) is at increased risk of cyber spillover through indirect targeting by Iranian-aligned APT groups.
Geographical Context: Elevated threat environment across the Middle East, with immediate and short-term risks (days to weeks) for Western allies and infrastructure globally.
- Review and enhance Distributed Denial-of-Service (DDoS) mitigation and resiliency measures immediately. https://www.sophos.com/en-us/blog/cyber-advisory-increased-cyber-risk-amid-u-s-israel-iran-escalation
- Maintain heightened vigilance for Phishing (T1566) and Brute Force/Password Spraying (T1110), common initial access vectors for these threat groups.
- Rely on trusted threat intelligence sources to validate claimed intrusions, as hacktivist groups frequently exaggerate operational impact.
Date: March 2, 2026 (Sanction Announcement)
Location: Puerto Vallarta, Mexico; Affecting U.S. citizens
Key Actors: Cartel de Jalisco Nueva Generacion (CJNG); Kovay Gardens resort; Associated sanctioned entities/individuals
- The U.S. Treasury sanctioned a major timeshare fraud network led by the terrorist organization CJNG.
- The network uses English-speaking call centers in Mexico, primarily near Puerto Vallarta, to defraud U.S. owners of timeshares, generating proceeds used to finance CJNG’s violence.
- Reported losses from these schemes to U.S. victims exceeded $300 million between 2019 and 2023.
- Re-victimization scams are common, where the network impersonates law firms promising to recover lost funds for an upfront fee.
Geographical Context: Operations are centered in CJNG strategic strongholds, directly leveraging illicit financial activities against foreign nationals.
- Financial institutions must review incoming Suspicious Activity Reports (SARs) that cite the FinCEN/OFAC/FBI joint notice on timeshare fraud to identify related suspicious transactions.
- Educate customers, particularly those with real estate holdings in Mexico, about re-victimization scams targeting recovery fees.
Date: February 28, 2026 (Arrest Date)
Location: Downey, California, U.S.
Key Actors: Bryant Najera Gonzalez; Nihilistic Violent Extremism (NVE) Group “764”
- A California man was arrested and charged with coercing minors into producing sexually explicit videos, including content featuring self-harm and self-humiliation.
- The defendant is associated with the NVE ideology known as “764,” which promotes a hatred of society and uses extortion to compel minors into self-mutilation and sexual exploitation.
- The case demonstrates a convergence of traditional criminal activity (CSAM, extortion) with nihilistic violent extremist ideology.
- The U.S. Homeland remains in a heightened threat environment, where lone offenders motivated by various ideological grievances continue to pose persistent threats to critical infrastructure and public gatherings.
Geographical Context: The arrest underscores the ongoing domestic threat from individuals radicalized online who operate within U.S. civilian sectors.
- Security awareness training should be updated to address the intersection of online sexual exploitation and coercive tactics used by ideologically motivated groups like NVE. https://www.justice.gov/usao-cdca/pr/downey-man-arrested-federal-complaint-alleging-he-groomed-girls-producing-sexually
- Law enforcement and digital security analysts should integrate identifiers related to groups like “764” into their monitoring protocols.
