SecurityBrief India - Technology news for CISOs & cybersecurity decision-makers

Escalation drives heightened Israeli-Iranian cyber conflict risk

Today

The current escalation between Israel and Iran following recent military operations is significantly impacting the cyber threat landscape in the Middle East, drawing analysis from cybersecurity experts at Google Cloud Security and Radware.

Persistent threats

John Hultquist, Chief Analyst at Google Threat Intelligence Group, commented on the evolving cyber dynamic:

"We expect Iranian cyber threat actors to rededicate themselves to attacks against Israeli targets in light of the recent military actions, though it's too early at this time to measure any changes. Iranian cyber activity in Israel is already persistent and aggressive, and has been for several years.

"Iranian cyber activity has not been as extensive outside of the Middle East but could shift in light of the military actions. Targets in the United States could be reprioritized for action by Iran's cyber threat capability. Iranian cyber espionage activity already targets the US government, military, and political set, but new activity may threaten privately owned critical infrastructure, or even private individuals.

"Iran has the ability to carry out cyber espionage and disruptive cyberattack as well as information operations like hack and leak campaigns. Many of these activities have met with limited success. For instance, though Iran has carried out some serious disruptive cyberattacks, many have failed, and actors have repeatedly made false and exaggerated claims to bolster their impact. The goal of many of these operations is psychological rather than practical, and it is important not to overestimate their impact."

Google Cloud's previous reporting, such as the "Tool of First Resort: Israel-Hamas War in Cyber" publication, provides further detail on relevant cyber tactics and capabilities in this region.

Escalation after Operation Rising Lion

The aftermath of Israel's Operation Rising Lion, which targeted Iranian nuclear and military interests, is being marked by heightened alertness across the Israeli cyber domain. The operation resulted in fatalities amongst senior Iranian military personnel and damage to infrastructure, increasing the likelihood of retaliatory cyber actions by both state-aligned groups and independent hacktivist organisations.

Historically, cyber confrontations between Israel and Iran have been ongoing since the exposure of Stuxnet in 2010. This malware targeted Iranian nuclear centrifuge operations and was one of the first known cyber tools to cause industrial-scale physical damage. Since then, Iran has intensified investment in its cyber offensive capabilities. Iranian-aligned actors have been responsible for attacks on targets in the West and Gulf regions, including distributed denial-of-service attacks against US financial institutions.

Shifting focus to Israel

Since 2020, Iranian cyber operations have become increasingly targeted at Israel. Groups including APT35 (Charming Kitten), MuddyWater, and CyberAv3ngers have reportedly attacked critical Israeli infrastructure such as water utilities, healthcare, and industrial systems. Reported activity has ranged from attempted breaches of surveillance networks to reconnaissance on public transport networks. While Israel has not officially confirmed offensive cyber operations, several disruptions to Iranian critical infrastructure have been attributed to Israeli actors by foreign agencies.

Strategic outlet

With reported military losses limiting immediate conventional responses, Iran's capacity for physical retaliation is impaired, as detailed by Radware. Cyberattacks are now viewed as a more accessible alternative, offering a means to project strength and attempt to retaliate in the current climate. The recent damage to Iran's military capabilities, including the loss of around 20 high-ranking personnel and strategic facilities, may further drive an increased focus on asymmetric tactics in the cyber realm.

The impact on Iran's nuclear programme and leadership has, according to the assessment, weakened the regime's image. In such contexts, asymmetric tools like cyberattacks and influence operations are likely to be favoured for both retaliatory measures and as a demonstration of ongoing capability.

Multi-vector attacks anticipated

Radware highlighted that Iranian state-sponsored actors, such as APT34 (OilRig) and APT39 (Remix Kitten), remain active in espionage and infrastructure disruption activities, with efforts expected to intensify. Operational priorities are likely to include attempts to compromise Israeli government systems, steal sensitive information, and run phishing and zero-day exploit campaigns. These attacks may be disguised as legitimate communications or delivered via compromised service providers.

Disruptive cyber activities such as denial-of-service campaigns, deployment of ransomware, and the use of destructive malware are also flagged as probable. Iran is also expected to pair cyberattacks with information warfare, leveraging social media, botnets, and inauthentic personas to spread disinformation, erode trust within Israeli society, and amplify destabilising narratives.

Such influence operations may employ social platforms like Telegram, X (formerly Twitter), and TikTok as key channels. Reports show that pro-Iranian groups have increased their activities on these platforms, issuing threats against Israeli infrastructure and public systems. Warnings have also been issued to neighbouring states, such as Jordan and Saudi Arabia, regarding potential retaliatory targeting if they assist Israel.

Response recommendations

To counteract these threats, Radware advises enhanced monitoring across networks, prompt patching of systems, the use of multi-factor authentication, and heightened employee awareness of potential phishing. Incident response protocols should be reviewed, and organisations should be prepared to communicate publicly to mitigate the impact of disinformation.

The potential for further escalation and the broadening of cyber operations beyond the immediate conflict zone remains a focus for international security analysts. Proactive defensive measures and intelligence sharing continue to be advocated as the situation evolves.
