Cyber Warfare Escalates as Iran Conflict Triggers Global Hacking Wave

The conflict between Israel and Iran is rapidly extending into cyberspace, with a surge in state-backed and hacktivist cyberattacks targeting critical infrastructure, government agencies, and civilian systems across multiple countries. This digital front in the ongoing war is characterized by escalating retaliation, reckless tactics, and a growing reliance on artificial intelligence by less-sophisticated actors.

State-Sponsored Attacks: A Broadening Offensive

Multiple Iranian state-connected hacking groups, including those linked to the Islamic Revolutionary Guard Corps (IRGC), are actively breaching American and Israeli systems. Groups like CyberAv3ngers, APT33, and APT55 are exploiting weak security protocols – such as default passwords – to infiltrate industrial control systems (ICS) that manage essential services like water treatment plants, power grids, and manufacturing facilities.

APT33, for instance, uses common passwords to gain access to U.S. energy companies and attempts to disable safety mechanisms by installing malicious software. The Ministry of Intelligence and Security (MOIS) supports groups like MuddyWater, which operates as an initial access broker, stealing credentials to sell to other attackers. Handala, another key player, claimed responsibility for wiping data from the Hebrew University of Jerusalem and breaching Verifone, though the latter denies the attack.

These attacks are not isolated incidents; they are part of a larger wave of cyber operations in response to Operation Epic Fury.

U.S. and Israeli Countermeasures: A Silent War

The United States and Israel are also actively engaged in cyber warfare. U.S. Cyber Command reportedly disrupted Iranian communications and sensor networks, crippling their ability to coordinate effectively. Officials have confirmed the use of artificial intelligence (AI) alongside conventional cyber tools in this campaign. Israeli intelligence has allegedly exploited hacked traffic cameras in Tehran to aid in targeting key figures, including Ayatollah Ali Khamenei.

These counterattacks are largely covert, with limited public disclosure to avoid escalation.

The Rise of Hacktivist Coalitions: A Chaotic Battlefield

Over 60 hacktivist groups coalesced into the Cyber Islamic Resistance in the early stages of Operation Epic Fury, coordinating attacks through a Telegram-based “Electronic Operations Room.” This collective operates with less discipline than state-directed actors, resulting in potentially reckless and indiscriminate targeting of civilian infrastructure.

The group has claimed responsibility for attacks on Israeli defense systems, drone detection services, and even the electricity and water supply at a Tel Aviv hotel. They also hacked Iran’s BadeSaba Calendar app, sending provocative notifications to millions of users.

Regional Expansion: Russia, Syria, and Beyond

The conflict is expanding beyond Iran and Israel, drawing in actors from Russia, Syria, and Iraq. Pro-Iranian groups in Southeast Asia and Pakistan are also participating in cyberattacks against Kuwaiti, Romanian, and Bahraini government websites. Russian hacktivist group NoName057(16), previously known for attacks on Ukraine, has launched denial-of-service attacks against Israeli entities.

While some pro-Israeli hacktivist groups exist, their activity is less visible due to limited tracking by U.S. cybersecurity agencies. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) does not generate alerts for these groups.

The AI Factor: A New Level of Risk

The increasing use of AI by less-skilled actors poses a significant threat. Hacktivists are leveraging AI to compensate for their technical limitations, potentially leading to more unpredictable and destructive attacks.

The chaotic nature of this cyber battlefield, combined with the escalating use of AI, suggests that collateral damage will continue to rise as the conflict intensifies.

The cyber warfare accompanying the Iran-Israel conflict is a new dimension of modern warfare, where the line between state and non-state actors blurs and the potential for widespread disruption is high. The lack of transparency and clear rules of engagement makes this a dangerous escalation with unpredictable consequences.