In the aftermath of Israel's surprise bombing attack on Iran, Israeli officials found themselves under a barrage of malicious text messages containing harmful links. It was clear to them that the Iranian government was behind these attacks, which are part of a long-standing cyber war between the two nations that flared in intensity as physical conflict erupted in June.
Recent attacks have ranged from a cyber heist at an Iranian cryptocurrency exchange to a surge in spear-phishing campaigns that targeted prominent Israelis. Cybersecurity firm Check Point reported that these messages were disguised as coming from diplomats and even from Israel's prime minister's office. "It heated up after the start of the war, and it's still going on," said one Israeli official of the persistent text messages. "I'm still getting them."
While physical combat between the nations ended after 12 days, the digital conflict rages on. Iranian-aligned cyber groups have used recently discovered vulnerabilities in Microsoft server software to target Israeli businesses. Boaz Dolev, CEO of ClearSky, a cybersecurity company, confirmed this, stating, "Although there is a ceasefire in the physical world, in the cyber arena, [the attacks] did not stop."
Israel and Iran have been trading cyberattacks for years. Widely believed to have been behind the 2010 Stuxnet virus that crippled Iran's Natanz facility, Israel's cyber warriors seem to have dealt the heaviest blows this time. "Intelligence collection was the biggest game changer," Menny Barzilay, former chief information security officer for the Israel Defense Forces intelligence services, said.
Iran's Minister of Communications and Information Technology Sattar Hashemi, recently claimed that Iran experienced over 20,000 cyber-attacks during the conflict, calling it "the most extensive" campaign in the country's history. These attacks included disruptions to Iran's air defense systems as Israeli jets began their airstrikes on June 13. But according to Barzilay, the most significant role of digital warfare was the cyber-espionage campaign that preceded the military conflict. Israel's ability to gather detailed intelligence on Iranian nuclear scientists and military officials helped facilitate the assassination of several key figures early in the war.
One hacking group, Gonjeshke Darande, believed to be aligned with Israel, attacked the Iranian cryptocurrency exchange Nobitex, stealing $90 million. The group also targeted major Iranian banks, causing significant disruptions to services at state-owned Bank Sepah and privately owned Bank Pasargad. Iranian officials also faced substantial cybersecurity challenges, with Mohammad-Javad Azari Jahromi, a former technical manager at Iran's Ministry of Intelligence, blaming the country's centralized data systems for the breaches.
In response, Iranian cyber groups have targeted around 50 Israeli companies, including critical infrastructure providers, as well as leaking sensitive personal data. Meanwhile, they have launched disinformation campaigns, such as sending fake messages purportedly from Israel's home command system, which instructs citizens during emergencies.
Despite these setbacks, experts like Moty Cristal, a crisis negotiator, believe that cyber-attacks from Iranian-aligned groups are unlikely to cease. "It's a far easier way to hit back than further military action," he explained. The digital world's deniability allows both Israel and Iran to continue their cyber conflict, even as international pressures mount to avoid escalating the war further.
"Both Israel and Iran know that if they attack each other, US President Donald Trump will be angry. But you can do whatever you want in cyberspace and probably no one will say anything," Barzilay said, pointing out that cyberattacks provide both sides with a way to retaliate without the risk of broader international backlash.
