UK businesses with a presence in the Middle East have been urged to step up vigilance against cyber threats from Iran after US-Israeli attacks.
The National Cyber Security Centre (NCSC) said there was “almost certainly” a heightened risk of an indirect cyber threat for organisations that had offices, or supply chains, in the Middle East.
The UK’s cybersecurity agency said Iran remained a threat despite an extensive bombing campaign that has devastated the country’s political and military leadership, including the death of its supreme leader, Ayatollah Ali Khamenei.
“Iranian state and Iran-linked cyber actors almost certainly currently maintain at least some capability to conduct cyber activity,” said the NCSC.
The agency said in an alert published on Monday that there was “likely” no significant change in the direct cyber threat from Iran to the UK, but organisations should prepare for the risk of collateral damage from Iran-linked hacktivists. It said organisations with a presence in the region should consider boosting monitoring of their IT systems and follow NCSC guidelines for dealing with a heightened threat of cyber-attacks.
Jonathon Ellison, the NCSC’s director for national resilience, said UK organisations and key infrastructure providers – such as airports and power stations – needed to “act now” in protecting themselves from potential attacks.
“In light of rapidly evolving events in the Middle East, it is critical that all UK organisations remain alert to the potential risk of cyber compromise, particularly those with assets or supply chains that are in areas of regional tensions,” he said.
Iran was blamed for a series of high-profile cyber-attacks between 2012 and 2014, against US financial institutions, the oil company Saudi Aramco and the Las Vegas-based Sands hotel and casino company.
Rafe Pilling, the director of threat intelligence at the cybersecurity company Sophos, said the UK was unlikely to be “high up” the list of targets for Iranian attacks but British companies could be caught up in forays by state-backed hackers.
“A lot of these hacktivist groups will go after targets opportunistically,” he said.
Pilling added that Iran was not as effective a cyber adversary as China or Russia, but as shown by the 2012-14 attacks, it could still cause problems. “Iran is not up there with China and Russia in terms of sophistication and scale, but it’s not to be underestimated,” he said.
CrowdStrike, a US cybersecurity firm, has said it is already seeing threatening activity from Iran-linked hackers, including the initiation of so-called distributed denial-of-service attacks, in which assailants attempt to overwhelm a target’s servers with a flood of internet traffic.
Cynthia Kaiser, a former top official in the FBI’s cyber division and a senior vice-president at the anti-ransomware company Halcyon, said Iran’s cyber operations came from a “murky blend of state sponsorship, personal profiteering, and outright criminal behaviour”.
She added: “As Iran considers its response to US and Israeli military actions, it is likely to activate any of these cyber actors if it believes their operations can deliver a meaningful retaliatory impact.”
Kaiser said Halcyon had detected activity consistent with Iranian state groups trying to steal data from organisations that maintained significant personal records, probably to identify and locate potential Iranian dissidents. She added that a significant threat to companies operating in the Middle East could be physical attacks on datacentres that could “delay or stop business operations until a suitable alternative is brought online”.