After Israel launched a large-scale offensive against Iranian nuclear and military infrastructure, Operation Rising Lion, on June 13th, there has been an escalation in cyberthreats.
“The cyber domain is a primary theater in the Israel-Iran conflict. Organizations across Israel must be aware and brace for a wave of sophisticated and ideologically driven cyberattacks,” cybersecurity company Radware said following the Israeli operation in Iran last Friday.
Shortly after the news broke, the company noticed an increase in cyber activity by threat actors aligned with Iran. They claim to be attacking Tzofar – the Israeli public address system which notifies civilians of potential missile attacks.
Arabian Ghost claimed it had shut down several radio stations, and Team Bangladesh warned Jordan and Saudi Arabia about cyberattacks if they chose to support Israel. Another threat actor claimed they took down the Mossad’s website. And Handala, a pro-Palestinian hacktivist group, claimed it exfiltrated over two terabytes of data from two major Israeli energy companies, Delkol and Delek.
According to Radware, prominent Iran state-sponsored groups like APT34 (OilRig) and APT39 (Remix Kitten) continue to engage in surveillance, espionage, and disruptive operations targeting infrastructure.
“Iranian cyber operations are likely to be complemented by coordinated information warfare. Drawing from earlier campaigns, Iran is expected to activate AI-driven botnets and inauthentic social media personas to disseminate disinformation, erode public trust in Israeli leadership, and amplify divisive or destabilizing narratives,” Radware said.
Cyber hostilities between these two countries date back to at least 2010, when the first cyber weapon to cause physical destruction, the Stuxnet worm, was discovered. The infamous malware was programmed to mess with the systems of uranium-enriched centrifuges in hopes of disrupting Iran’s nuclear program.
Since 2020, Iran's cyber operations have been mostly focused on Israel, with coordinated campaigns targeting critical infrastructure. Israel has not publicly acknowledged any of the cyber incidents targeting Iran. However, some incidents have been linked to Israeli-linked cyber actors.
According to John Hultquist, chief analyst at Google Threat Intelligence Group, Iranian cyber activity in Israel is already persistent and aggressive. Interestingly, the goal of some of these operations, Hultquist claims, could be psychological rather than practical.
“Iran has the ability to carry out cyber espionage and disruptive cyberattacks, as well as information operations like hack and leak campaigns,” Hultquist said in a written statement to Cybernews.
“Many of these activities have met with limited success. For instance, though Iran has carried out some seriously disruptive cyberattacks, many have failed, and actors have repeatedly made false and exaggerated claims to bolster their impact.”
Your email address will not be published. Required fields are markedmarked