The current Israel–Iran military conflict is taking place in the era of hybrid war, where cyberattacks amplify and assist missiles and troops, and is being waged between two countries with very capable destructive cyber weapons.

Iran is widely expected to retaliate against Israel’s missile strikes with cyber operations — and these could extend to American targets, according to cyber warfare experts and threat analysts.

“I would expect there to be a cyber component of both the Israeli and Iranian activities,” former White House advisor Michael Daniel told The Register.

Daniel, who now leads the threat-intel sharing nonprofit Cyber Threat Alliance, said both countries “have the capability to conduct a range of activities, from fully reversible DDoS [distributed denial-of-service] attacks, which could disrupt online services temporarily, to destructive wiper attacks. At the very least, I am sure both sides are using cyber capabilities to conduct espionage and reconnaissance.”  

While cyber espionage began well before Israel’s June 13 strikes on Iran’s nuclear sites and military commanders, the worry is that Iran may launch destructive cyberattacks now that its military capabilities have been dealt a serious blow.

“Iranian cyber activity has not been as extensive outside of the Middle East but could shift in light of the military actions,” Google threat intelligence group chief analyst John Hultquist said in an email sent to The Register. “Iranian cyber espionage activity already targets the US government, military, and political [sector], but new activity may threaten privately owned critical infrastructure, or even private individuals.”

Tehran has the capacity to carry out destructive attacks — but to date, their success and technical sophistication have been limited.

In 2023, Iran’s CyberAv3ngers carried out intrusions across multiple US water systems, relying on default passwords for internet-accessible programmable logic controllers. In a second round of attacks, the Islamic Revolutionary Guard Corps-linked crew used custom malware to remotely control US and Israel-based water and fuel management systems.

But aside from posting videos bragging about the intrusions on their Telegram sites, the attackers didn’t really do anything with the access they gained to these critical systems.

“Fortunately, they didn’t understand what kind of access they had,” Annie Fixler, director of the Center on Cyber and Technology Innovation at the national security think tank Foundation for Defense of Democracies, told The Register. “They could have caused significant disruption if they had been savvier.”

If the loss of top generals and key facilities turns out to have crippled Iran’s chances of a successful military response, retaliation in cyberspace becomes an even bigger threat, she added. 

“I would not be surprised to see Iran activate additional cyber operatives, instructing them to target anything and everything they can in Israel as well as in the United States,” Fixler said. “Even if the directive doesn’t come from Tehran, pro-regime hackers can read the writing on the wall and will launch additional operations.”

Israel has historically been fairly resilient against Iranian cyberattacks, according to Fixler. “The United States, however, has too many cyber vulnerabilities that Iran can exploit – particularly in small utilities and critical infrastructure operators,” she added. “US companies should be on alert so that they do not become targets of opportunity for Iran.”

However, much like they’ve done in the past, we should expect Iranian hackers to exaggerate or make false claims about the success of these disruptive cyberattacks, Hultquist added. “The goal of many of these operations is psychological rather than practical, and it is important not to overestimate their impact,” he said.

“When it comes to disruptive attacks, typically the Iranians have deployed wipers against targets in critical infrastructure and other organizations,” Hultquist told The Register. “We will probably see more of that in Israel and we could see it in the US as well. In those cases, it’s not unusual for them to claim that the attack is far more impactful than it really is.”

Cybersecurity advisor Tom Kellermann, who served on the Commission on Cyber Security under President Barack Obama, said he expects to see CyberAv3ngers and the Iranian Cyber Army launch destructive cyberattacks against water utilities, electric, and transportation infrastructure. “Wipers and NotPetya-style ransomware will be used,” he predicted.

Plus, he warned, it’s important to remember that Iran has an alliance with Russia and China, both of whom also have well-developed cyber weapons and government-backed cyber operatives at the ready.  

“I foresee a systemic, pronounced campaign by not only the regime but [its] allies,” he told The Register. “If the US gets embroiled, I foresee China launching cyberattacks on behalf of [its] ally. If Israel hits Iran’s oil, which China is the largest importer of, China will also act.” ®