Executive Summary

On April 1, 2026, Iranian missiles struck the headquarters of Batelco — Bahrain’s largest telecommunications company — in the Hamala district. The facility houses Amazon Web Services infrastructure, and the strike triggered a massive fire, structural damage, and rendered portions of the complex inoperative. Bahrain’s Interior Ministry confirmed civil defense teams responded to extinguish the blaze following what it described as an Iranian attack.

This is not the first time. Exactly one month ago, we covered the initial strikes on AWS infrastructure in the Gulf when Iranian Shahed drones hit two AWS data centers in the UAE and damaged a third in Bahrain on March 1, 2026. Those facilities have never fully recovered. AWS ME-CENTRAL-1 has been in a state of degraded service or offline status for a solid month now.

Today’s attack is different. It was preannounced, deliberate, and part of a declared campaign. The IRGC published a target list of 18 US companies — and then followed through within hours.

The IRGC Hit List: 18 Companies, One Ultimatum

On March 31, 2026, Iran’s Islamic Revolutionary Guard Corps published a statement through its official Sepah News outlet and IRGC-linked Telegram channels naming 18 companies as “legitimate targets.” The full list:

Cisco, HP, Intel, Oracle, Microsoft, Apple, Google, Meta, IBM, Dell, Palantir, Nvidia, JPMorgan Chase, Tesla, General Electric, Boeing, Spire Solutions, and G42 (the Abu Dhabi-based AI firm).

The IRGC’s statement declared that US information and communications technology and AI companies are “the key element in designing and tracking terror targets” and that “for every assassination, an American company will be destroyed.” They set a deadline: targeting would begin Wednesday, April 1 at 8:00 PM Tehran time (4:30 PM UTC).

They told employees at all named companies to evacuate immediately and warned residents within one kilometer of these firms’ facilities across the entire Middle East region to leave.

Then they delivered. The Batelco strike came within hours of the deadline.

Timeline: A Month of Escalating Strikes on Cloud Infrastructure

Here’s what the escalation looks like when you map it out:

February 28, 2026 — The US and Israel launch Operation Epic Fury, a massive joint strike campaign against Iran. Supreme Leader Ali Khamenei is killed along with dozens of senior Iranian officials.

March 1, 2026 — Iranian Shahed drones strike two AWS data centers in the UAE (ME-CENTRAL-1 region) and damage a third facility in Bahrain (ME-SOUTH-1). AWS confirms power outages, structural damage, and water damage from fire suppression activation. EC2, S3, Lambda, and networking services go offline. These are the first known military strikes on a major American hyperscaler’s infrastructure. (Full analysis in our original coverage)

March 4, 2026 — Iran’s IRGC claims responsibility for the March 1 strikes, stating the AWS facilities were targeted because of Amazon’s support for the US military. AWS advises customers to migrate workloads to other regions and directs traffic away from Bahrain and the UAE.

Mid-March 2026 — Tasnim News Agency (IRGC-linked) publishes a list of 30 specific Big Tech locations across the Middle East identified as “enemy technology infrastructure,” including Amazon, Microsoft, Nvidia, and Palantir offices in Dubai and Tel Aviv.

March 24, 2026 — AWS Bahrain disrupted again by drone activity. Amazon tells customers to continue migrating away from affected regions. Services have still not been fully restored since the initial March 1 strikes.

March 31, 2026 — The IRGC publishes its 18-company kill list with an April 1 deadline.

April 1, 2026 — Iranian missiles strike Batelco headquarters in Hamala, Bahrain, housing AWS infrastructure. Fire confirmed. Civil defense responds. Amazon servers rendered partially inoperative.

Why Batelco Matters

Batelco is not just another telecom company. It’s Bahrain’s largest telecommunications operator, and its Hamala facilities serve as critical connectivity infrastructure for AWS’s regional cloud operations. AWS doesn’t operate in isolation — it relies on local telecommunications backbone providers for network connectivity, peering, and last-mile infrastructure. Hitting Batelco is like cutting the arteries that feed the data center, not just the data center itself.

This is a more sophisticated targeting approach than the March 1 drone strikes that hit the data centers directly. It demonstrates Iran has studied the infrastructure dependencies and is targeting the telecommunications layer that cloud providers depend on.

The Broader Pattern: Cloud Infrastructure Under Siege

What’s happening to AWS in the Gulf isn’t happening in a vacuum. We’ve been tracking a pattern of critical cloud infrastructure failures that has been building for months:

October 29, 2025Microsoft’s Azure Front Door outage cascaded into a global service disruption affecting Azure, Microsoft 365, Xbox Live, and thousands of customer-facing services. A single configuration error took down services for over 12 hours and impacted companies from Costco to Alaska Airlines.

November 18, 2025Cloudflare’s major outage rendered significant portions of the internet inaccessible for hours. ChatGPT, X, Spotify, and countless services went dark because a database permissions change caused an oversized Bot Management configuration file to crash proxy servers globally.

December 5, 2025 — Cloudflare suffered another outage affecting 28% of all HTTP traffic — this time while rushing to deploy WAF rules to mitigate the React2Shell vulnerability (CVE-2025-55182).

February 7, 2026 — Azure experienced a major outage across its West US region lasting over 14 hours, affecting compute, storage, networking, databases, and AI services.

February 20, 2026 — Cloudflare hit again — this time a BYOIP (Bring Your Own IP) service outage caused by a routing change that unintentionally withdrew 25% of customer BGP prefixes. The outage lasted over 6 hours.

And now, layered on top of all these self-inflicted configuration failures, we have deliberate, preannounced military strikes on cloud infrastructure in the Middle East.

The thesis we laid out in our original AWS data center article has moved from uncomfortable prediction to confirmed reality: physical kinetic risk to cloud infrastructure is no longer theoretical. It is operational.

What Makes This Attack Different — and Worse

The March 1 strikes could be characterized as collateral damage or opportunistic targeting during a broader retaliatory barrage. Today’s attack is fundamentally different in several ways:

1. It was preannounced. The IRGC gave a specific date, time, and list of targets. This isn’t fog-of-war collateral damage — it’s a declared campaign.

2. It targeted telecommunications infrastructure, not just the data center. Hitting Batelco demonstrates an understanding of cloud infrastructure dependencies that goes beyond “bomb the building with the servers.”

3. The target list extends far beyond Amazon. Microsoft, Google, Apple, Nvidia, Palantir, Oracle, IBM, Intel — essentially the entire backbone of Western digital infrastructure has been declared a military target across the entire Middle East region.

4. The justification framework has shifted. The IRGC’s argument — that commercial tech companies enabling military intelligence operations become legitimate military targets — challenges established interpretations of international humanitarian law and creates a precedent that will outlast this specific conflict.

5. The financial exposure is staggering. Microsoft has committed $15 billion to UAE expansion by 2029. Amazon has pledged $5 billion to an AI hub in Riyadh. Oracle, Cisco, and Nvidia announced a joint AI campus in the UAE with OpenAI. Hyperscaler capital expenditure is forecast to exceed $600 billion in 2026, with roughly 75% tied to AI infrastructure — and a massive portion was flowing into this exact region.

Cybersecurity and Business Implications

For Cloud Customers

If you have workloads in AWS ME-CENTRAL-1, ME-SOUTH-1, or any Gulf-region cloud infrastructure, the situation has gone from “monitor and prepare” to “execute your migration plan now.” AWS has been telling customers this since March. If you haven’t moved yet, today’s strike should end the debate.

But the implications go further than just the Middle East regions:

  • Third-party risk assessments need to account for vendors who depend on Gulf cloud regions, even if your own infrastructure isn’t there
  • Cyber insurance policies likely exclude losses from acts of war — confirm your coverage immediately
  • Business continuity plans need a “region evacuation” runbook that accounts for multi-week or permanent loss of an entire cloud geography
  • Supply chain mapping should identify any critical SaaS providers with Gulf-region dependencies

For the Cybersecurity Industry

The IRGC’s target list includes Palantir and multiple companies with significant defense and intelligence contracts. The Pentagon uses AWS for workloads including AI-powered intelligence analysis. The dual-use nature of commercial cloud infrastructure — serving both civilian and military customers — creates a targeting logic that Iran is exploiting and that other adversaries are certainly studying.

This is also a signal for nation-state cyber operations. If physical strikes on data centers become normalized, the barrier to cyber attacks on cloud infrastructure also drops. The precedent being set here reverberates far beyond the Persian Gulf.

For CISOs and Risk Managers

Update your risk registers. “Armed conflict affecting cloud infrastructure” has moved from the “low probability” column to “confirmed, recurring, and escalating.” Your next board presentation should include:

  • Geographic concentration risk for cloud workloads
  • Vendor dependency mapping for Gulf-region exposure
  • Insurance gap analysis for war exclusions
  • Updated RTO/RPO assumptions that account for permanent regional loss
  • Geopolitical risk as a standing agenda item in quarterly BCP reviews

What Happens Next

The IRGC named 18 companies and has struck one so far. The question is whether Microsoft, Google, Oracle, and the other named targets are next. Several of these companies have significant physical infrastructure in the Gulf — data centers, offices, campuses — that are now explicitly declared targets.

Bahrain has intercepted 174 missiles and 391 drones since the conflict began. But interception rates aren’t 100%, and as today’s strike demonstrates, some get through.

Forrester predicted at least two major multi-day hyperscaler outages in 2026 driven by AI infrastructure upgrades straining legacy systems. They didn’t predict that some of those outages would be caused by missile strikes. The cloud infrastructure risk landscape has fundamentally changed, and the industry’s response needs to match the severity of the threat.

The cloud was always physical infrastructure in a physical location. We just pretended it wasn’t. Today, for the second time in a month, reality corrected that assumption — and this time, it came with a warning shot list of who’s next.

Related Coverage from Breached.Company: