Bank Hacks, Internet Shutdowns And Crypto Heists: Here’s How The War Between Israel And Iran Is Playing Out In Cyberspace

The war between Iran and Israel has already expanded from the battlefield into cyberspace.

The conflict between the two Middle East adversaries has so far largely played out in public view, with hundreds of missiles and drones causing mass casualties across major cities. But Iran and Israel have also been launching cyber attacks against one another from the shadows — which officials are now warning may soon spill over onto U.S. targets.

Overnight strikes by the U.S. against Iranian nuclear facilities have heightened the threat environment, and Iran could retaliate by hacking into U.S. electrical grids, water plants, and other critical sectors.

“Cyber is one of the tools of Iran’s asymmetric warfare,” said Alex Vatanka, senior fellow at the Middle East Institute.

The National Terrorism Advisory System warned Sunday of a range of Iranian threats to the U.S., including attacks on “poorly secured U.S. networks and Internet-connected devices.”

“Low-level cyber attacks against U.S. networks by pro-Iranian hacktivists are likely, and cyber actors affiliated with the Iranian government may conduct attacks against U.S. networks.”

Joint Chiefs Chair Gen. Dan Caine told reporters on Sunday that U.S. Cyber Command was helping support the strikes, although he did not elaborate on its involvement.

A spokesperson for U.S. Cyber Command did not respond to a request for comment. A spokesperson for the Cybersecurity and Infrastructure Security Agency, the main U.S. cyber defense agency, declined to comment.

Critical infrastructure groups last week called on U.S. companies to proactively step up their defenses in anticipation of an attack.

Former CISA Director Jen Easterly posted on LinkedIn on Sunday that U.S. critical infrastructure organizations should have their “shields up” and be prepared for malicious cyber activity.

“While it’s unclear whether its cyber capabilities were at all impacted by recent Israeli strikes, Iran has a track record of retaliatory cyber operations targeting civilian infrastructure, including: water systems; financial institutions; energy pipelines; government networks; and more,” she wrote.

Both Iran and Israel are considered global cyber powers and have traded barbs online, particularly in the aftermath of the Oct. 7, 2023, Hamas attacks on Israel. An Iranian gang claimed responsibility for hacking into an Israeli hospital and stealing patient data in 2023, and an Israeli hacking group followed by shutting down large swaths of Iran’s gas stations.

But Israel’s cyber capabilities are widely considered more sophisticated. “The Iranians … are good, they are emerging, but I don’t think they're at the level of the Israelis or Americans,” Vatanka said.

Some of the most aggressive efforts over the past week have been cyberattacks against major financial institutions in Iran and disinformation campaigns aimed at causing chaos and confusion in Israel.

A pro-Israeli hacking group known as Predatory Sparrow claimed credit for a cyberattack last week on Iran’s Bank Sepah, which caused widespread account issues for customers. The group also later claimed credit for draining around $90 million from Nobitex, Iran’s largest cryptocurrency exchange, and for posting stolen Nobitex source code lists on the social media platform X.

Hackers also targeted Iranian news stations. Videos circulated online appeared to show Iranian state TV broadcasting anti-regime messages last week.

The Iranian government shut down the nation’s internet in response to the attacks late last week, a blackout that was largely still ongoing on Sunday.

“Gaining control of the flow of information is certainly to be expected from the regime … they suspect that there is maybe an attempt to mobilize public attention,” Vatanka said.

Top Iranian officials and their security teams were also advised last week to stop using internet-connected devices, in particular telecommunication devices, to protect against potential Israeli disruptions. Last year, thousands of pagers used by the Iranian proxy militant group Hezbollah exploded across Lebanon, leaving thousands injured.

One reason Israel’s cyberattacks may have been more effective in this round of fighting is that Israel struck Iranian facilities first, giving it more time to prepare its offensive and defensive options before Iran could retaliate.

Iran and its proxy organizations are fighting back, albeit on a smaller scale. Israel’s National Cyber Directorate warned Israelis abroad on Saturday not to fill out forms on malicious websites that are seeking to gather intelligence on these individuals.

Gil Messing, chief of staff for Israeli cyber company Check Point Software, said Saturday just before the U.S. strikes that his company had tracked cyber and disinformation campaigns against Israel “escalating a bit,” though no new major attacks had been reported.

Messing said that there was a “flood of disinformation” pouring onto social media last week, including messages discouraging Israelis from entering shelters during attacks and erroneous texts about gas and supply shortages.

Israel’s civilian cyber defense agency warned that Iran was renewing its efforts to hack into internet-connected cameras for espionage purposes.

John Hultquist, chief analyst for Google Threat Intelligence Group, posted on X on Saturday shortly after the attacks that Iranian cyber forces usually use their “cyberattack capability for psychological purposes.”

“I’m most concerned about cyber espionage against our leaders and surveillance aided by compromises in travel, hospitality, telecommunications, and other sectors where data could be used to identify and physically track persons of interest,” Hultquist wrote.