While missiles streak across Middle Eastern skies, another war is being fought in silence — and it may be coming for your bank account.

Within 48 hours of the US-Israeli strikes on Iran, cybersecurity firm Palo Alto Networks detected a massive surge in cyberattacks emanating from Iranian-linked groups and their allies. At least 60 individual hacking groups are now active, including pro-Russian collectives that have joined the digital offensive. The targets are not just military systems. They are banks, airports, hospitals, energy companies, and ordinary people.

JPMorgan Chase CEO Jamie Dimon issued what may be the most chilling warning from any corporate leader since the conflict began. Speaking on CNBC Monday, Dimon said that cyberattacks and terrorist incidents were now a near-certainty as a consequence of the war. “They can’t match us militarily, so they’ll hit where it hurts — our networks, our operations, our customers,” he told CNBC’s Leslie Picker. “Banks may be targets.”

This is not speculation. It is already happening.

The most prominent Iranian cyber persona, Handala Hack, linked to Iran’s Ministry of Intelligence and Security, has claimed responsibility for compromising an Israeli energy exploration company, attacking Jordan’s fuel systems, and targeting Israeli civilian healthcare facilities. Perhaps most disturbing, Handala Hack reportedly sent direct death threats to Iranian-American and Iranian-Canadian influencers by email, claiming to have leaked their home addresses to “physical operatives” in their respective countries. Cybersecurity researchers describe this as an unprecedented escalation of threatening cyber activity against perceived critics of Iran.

Other groups are casting even wider nets. The FAD Team, or Fatimiyoun Cyber Team, specializes in wiper malware — programs designed not just to steal data but to permanently destroy it. They have claimed to gain unauthorized access to SCADA and PLC systems, the industrial control systems that run power plants, water treatment facilities, and manufacturing operations. A successful attack on such systems could cause physical damage in the real world.

Meanwhile, cybercriminals who are not even affiliated with Iran are opportunistically exploiting the chaos. In the UAE, where millions of terrified residents are sheltering from Iranian missile strikes, scammers are calling people pretending to be from the Ministry of Interior, claiming to “confirm receipt of a national alert” and then prompting victims to hand over passwords and banking credentials. The fog of war has created the perfect environment for social engineering attacks.

There is an ironic limitation to Iran’s cyber capacity right now: Iran’s own internet connectivity has plummeted to between 1 and 4 percent since the strikes began. The destruction of infrastructure and potential government blackouts have severely hampered the ability of state-based hackers operating from within Iran to coordinate sophisticated attacks. But the groups operating outside Iran — and their pro-Russian allies — face no such constraint.

The Riyadh Bank website has been targeted. The Bank of Jordan has been attacked. Airports in the UAE have been hit. An “Electronic Operations Room” was established on February 28, the same day the strikes began, coordinating cyber operations across dozens of groups simultaneously.

For ordinary consumers, the implications are serious. Bank security experts warn that the wave of attacks could trigger service disruptions at financial institutions, payment processing delays, and potential data breaches. JPMorgan alone has 80 million customers and processes trillions of dollars in daily transactions. A successful breach at any major financial institution could cascade through the global financial system.

Dimon, who has long called cybersecurity “one of the highest risks banks bear,” acknowledged that JPMorgan spends heavily on defense. But he also said something that should give every account holder pause: “We never try to predict when, why, where.”

The missiles are visible. The drones make the news. But the cyber war is invisible, borderless, and already inside the networks you depend on every day. The question isn’t whether an attack will succeed. It’s how big the damage will be when it does.