Iranian Drone Strikes Hit Amazon Data Centers in Gulf, Disrupting Cloud Services + Maritime
Summary:
Iranian drone strikes struck three Amazon data center facilities in the UAE and Bahrain this week, disrupting cloud services across parts of the Middle East. The attacks came as part of Iran's broader retaliatory campaign following a major assault by U.S. and Israeli forces that killed Iranian Supreme Leader Ayatollah Ali Khamenei and several senior Iranian officials, with Iran's response extending beyond U.S. military bases to airports, hotels, and key oil and gas infrastructure. Amazon initially attributed the outages to connectivity and power issues before confirming the facilities had been physically struck by drones.
Security Officer Comments:
The attacks caused structural damage, disrupted power delivery, and triggered fire suppression systems that caused additional water damage inside the facilities. Local fire departments shut off power and generators while extinguishing fires sparked by debris. Roughly 60 AWS services in the region were disrupted, affecting web traffic and cloud-dependent businesses. In the UAE, two of the three availability zones were struck, while in Bahrain, one zone suffered a prolonged power outage and ongoing connectivity problems. Amazon has not confirmed whether any employees were injured.
Suggested Corrections:
Amazon is working with local authorities and prioritizing staff safety as recovery efforts continue, though the company cautioned that full recovery depends on restoring the affected infrastructure and that the broader operating environment remains unpredictable. Amazon advised customers in the Middle East to back up critical data and migrate applications to other AWS regions. The incident underscores the importance of multi-region cloud architecture and continuity planning, particularly for organizations with operations in geopolitically volatile areas.
Link(s):
https://therecord.media/iran-drone-strikes-hit-amazon-data-centers-gulf
--
Maritime Cyber Attacks - TLP: GREEN
Additionally there were cyber attacks on maritime targets allegedly by Charming Kitten, one of Iran's most sophisticated threat actors.
On Monday, March 2, 2026, maritime transportation system (MTS) stakeholders shared reconnaissance threat activity potentially linked to Iranian-nexus threat clusters, including those associated with Charming Kitten (also known as Mint Sandstorm).
Indicators of Compromise:
bytl[.]ink
services-activities[.]site
bytli[.]ink
lnked[.]inkfylor[.]cyou
185[.]186[.]244[.]0/24
172[.]94[.]9[.]0/24
185[.]93[.]89[.]37
185[.]93[.]89[.]138
MITRE ATT&CK:
Iranian drone strikes struck three Amazon data center facilities in the UAE and Bahrain this week, disrupting cloud services across parts of the Middle East. The attacks came as part of Iran's broader retaliatory campaign following a major assault by U.S. and Israeli forces that killed Iranian Supreme Leader Ayatollah Ali Khamenei and several senior Iranian officials, with Iran's response extending beyond U.S. military bases to airports, hotels, and key oil and gas infrastructure. Amazon initially attributed the outages to connectivity and power issues before confirming the facilities had been physically struck by drones.
Security Officer Comments:
The attacks caused structural damage, disrupted power delivery, and triggered fire suppression systems that caused additional water damage inside the facilities. Local fire departments shut off power and generators while extinguishing fires sparked by debris. Roughly 60 AWS services in the region were disrupted, affecting web traffic and cloud-dependent businesses. In the UAE, two of the three availability zones were struck, while in Bahrain, one zone suffered a prolonged power outage and ongoing connectivity problems. Amazon has not confirmed whether any employees were injured.
Suggested Corrections:
Amazon is working with local authorities and prioritizing staff safety as recovery efforts continue, though the company cautioned that full recovery depends on restoring the affected infrastructure and that the broader operating environment remains unpredictable. Amazon advised customers in the Middle East to back up critical data and migrate applications to other AWS regions. The incident underscores the importance of multi-region cloud architecture and continuity planning, particularly for organizations with operations in geopolitically volatile areas.
Link(s):
https://therecord.media/iran-drone-strikes-hit-amazon-data-centers-gulf
--
Maritime Cyber Attacks - TLP: GREEN
Additionally there were cyber attacks on maritime targets allegedly by Charming Kitten, one of Iran's most sophisticated threat actors.
On Monday, March 2, 2026, maritime transportation system (MTS) stakeholders shared reconnaissance threat activity potentially linked to Iranian-nexus threat clusters, including those associated with Charming Kitten (also known as Mint Sandstorm).
Indicators of Compromise:
bytl[.]ink
services-activities[.]site
bytli[.]ink
lnked[.]inkfylor[.]cyou
185[.]186[.]244[.]0/24
172[.]94[.]9[.]0/24
185[.]93[.]89[.]37
185[.]93[.]89[.]138
MITRE ATT&CK:
- T1595 - Active Scanning Scanning and probing of externally exposed services.
- T1046 - Network Service Scanning Probing externally exposed services is network service scanning.
- T1583.001 - Acquire Infrastructure: Domains - “typosquatted domains,” which requires domain acquisition.
- T1566 - Phishing Phishing attempts.