“It heated up after the start of the war, and it’s still going on,” one Israeli official told the FT.
Since the June 24 ceasefire, Iranian-aligned groups have attempted to exploit a recently identified Microsoft server software vulnerability to attack Israeli companies, according to chief executive of Israeli cyber threat intelligence company ClearSky, Boaz Dolev.
While the missiles stopped following the ceasefire that ended the 12-day war which saw massive destruction both sides, Iran’s cyber war has continued at full pace, as reported by Iran International in June.
“Although there is a ceasefire in the physical world, in the cyber arena, [the attacks] did not stop,” Dolev added.
Spear-phishing messages purporting to be from diplomats and the prime minister’s office have also surged, cyber security company Check Point told the FT.
During the June conflict, Israel-linked hackers carried out some of the most disruptive strikes of the campaign. Gonjeshke Darande, a group widely regarded as aligned with Israel, claimed responsibility for destroying $90mn from Iran’s Nobitex cryptocurrency exchange and crippling services at Bank Sepah and Bank Pasargad by disabling their main and backup data centers.
While Iran’s capabilities were not to be underestimated, none of the wartime attacks on Israel had dramatic impact, Moty Cristal, a crisis negotiator and lieutenant colonel in the Israeli military reserves, told the FT.
Dolev said Iranian-linked groups had retaliated with hack-and-leak operations against about 50 Israeli companies, alongside attempts to plant malware aimed at destroying computer systems.
While they appeared unable to penetrate the defenses of Israel’s military or largest firms, he said, the attackers targeted smaller, more vulnerable businesses in their supply chains.
These included logistics and fuel providers as well as human resources firms, with hackers later releasing the CVs of thousands of Israelis with defense and security backgrounds.
