Bank hacks, internet shutdowns and crypto heists: Here's how the war between Israel and Iran is playing out in cyberspace
The war between Iran and Israel has already expanded from the battlefield into cyberspace.
The conflict between the two Middle East adversaries has so far largely played out in public view, with hundreds of missiles and drones causing mass casualties across major cities. But Iran and Israel have also been launching cyber attacks against one another from the shadows — which officials are now warning may soon spill over onto U.S. targets.
Overnight strikes by the U.S. against Iranian nuclear facilities have heightened the threat environment, and Iran could retaliate by hacking into U.S. electrical grids, water plants, and other critical sectors.
'Cyber is one of the tools of Iran's asymmetric warfare,' said Alex Vatanka, senior fellow at the Middle East Institute.
The National Terrorism Advisory System warned Sunday of a range of Iranian threats to the U.S., including attacks on 'poorly secured U.S. networks and Internet-connected devices.'
'Low-level cyber attacks against U.S. networks by pro-Iranian hacktivists are likely, and cyber actors affiliated with the Iranian government may conduct attacks against U.S. networks.'
Joint Chiefs Chair Gen. Dan Caine told reporters on Sunday that U.S. Cyber Command was helping support the strikes, although he did not elaborate on its involvement.
A spokesperson for U.S. Cyber Command did not respond to a request for comment. A spokesperson for the Cybersecurity and Infrastructure Security Agency, the main U.S. cyber defense agency, declined to comment.
Critical infrastructure groups last week called on U.S. companies to proactively step up their defenses in anticipation of an attack.
Former CISA Director Jen Easterly posted on LinkedIn on Sunday that U.S. critical infrastructure organizations should have their 'shields up' and be prepared for malicious cyber activity.
'While it's unclear whether its cyber capabilities were at all impacted by recent Israeli strikes, Iran has a track record of retaliatory cyber operations targeting civilian infrastructure, including: water systems; financial institutions; energy pipelines; government networks; and more,' she wrote.
Both Iran and Israel are considered global cyber powers and have traded barbs online, particularly in the aftermath of the Oct. 7, 2023, Hamas attacks on Israel. An Iranian gang claimed responsibility for hacking into an Israeli hospital and stealing patient data in 2023, and an Israeli hacking group followed by shutting down large swaths of Iran's gas stations.
But Israel's cyber capabilities are widely considered more sophisticated. 'The Iranians … are good, they are emerging, but I don't think they're at the level of the Israelis or Americans,' Vatanka said.
Some of the most aggressive efforts over the past week have been cyberattacks against major financial institutions in Iran and disinformation campaigns aimed at causing chaos and confusion in Israel.
A pro-Israeli hacking group known as Predatory Sparrow claimed credit for a cyberattack last week on Iran's Bank Sepah, which caused widespread account issues for customers. The group also later claimed credit for draining around $90 million from Nobitex, Iran's largest cryptocurrency exchange, and for posting stolen Nobitex source code lists on the social media platform X.
Hackers also targeted Iranian news stations. Videos circulated online appeared to show Iranian state TV broadcasting anti-regime messages last week.
The Iranian government shut down the nation's internet in response to the attacks late last week, a blackout that was largely still ongoing on Sunday.
'Gaining control of the flow of information is certainly to be expected from the regime … they suspect that there is maybe an attempt to mobilize public attention,' Vatanka said.
Top Iranian officials and their security teams were also advised last week to stop using internet-connected devices, in particular telecommunication devices, to protect against potential Israeli disruptions. Last year, thousands of pagers used by the Iranian proxy militant group Hezbollah exploded across Lebanon, leaving thousands injured.
One reason Israel's cyberattacks may have been more effective in this round of fighting is that Israel struck Iranian facilities first, giving it more time to prepare its offensive and defensive options before Iran could retaliate.
Iran and its proxy organizations are fighting back, albeit on a smaller scale. Israel's National Cyber Directorate warned Israelis abroad on Saturday not to fill out forms on malicious websites that are seeking to gather intelligence on these individuals.
Gil Messing, chief of staff for Israeli cyber company Check Point Software, said Saturday just before the U.S. strikes that his company had tracked cyber and disinformation campaigns against Israel 'escalating a bit,' though no new major attacks had been reported.
Messing said that there was a 'flood of disinformation' pouring onto social media last week, including messages discouraging Israelis from entering shelters during attacks and erroneous texts about gas and supply shortages.
Israel's civilian cyber defense agency warned that Iran was renewing its efforts to hack into internet-connected cameras for espionage purposes.
John Hultquist, chief analyst for Google Threat Intelligence Group, posted on X on Saturday shortly after the attacks that Iranian cyber forces usually use their 'cyberattack capability for psychological purposes.'
'I'm most concerned about cyber espionage against our leaders and surveillance aided by compromises in travel, hospitality, telecommunications, and other sectors where data could be used to identify and physically track persons of interest,' Hultquist wrote.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
The Hill
25 minutes ago
- The Hill
Hundreds protest in The Hague against NATO, days before the Dutch city hosts alliance summit
THE HAGUE, Netherlands (AP) — Hundreds of people protested Sunday against NATO and military spending and against a possible conflict with Iran, two days before a summit of the alliance in The Hague that is seeking to increase allies' defense budgets. 'Let's invest in peace and sustainable energy,' Belgian politician Jos d'Haese told the crowd at a park not far from the summit venue. Although billed as a demonstration against NATO and the war in Gaza, protesters were joined by Iranians who held up banners saying 'No Iran War,' the day after the United States launched attacks against three of Iran's nuclear sites. 'We are opposed to war. People want to live a peaceful life,' said 74-year-old Hossein Hamadani, an Iranian who lives in the Netherlands. Look at the environment. 'Things are not good. So why do we spend money on war?' he added. The Netherlands is hosting the annual meeting of the 32-nation alliance starting Tuesday, with leaders scheduled to meet Wednesday. The heads of government want to hammer out an agreement on a hike in defense spending demanded by U.S. President Donald Trump. The deal appeared largely done last week, until Spain's Prime Minister Pedro Sánchez wrote to NATO Secretary General Mark Rutte that committing Madrid to spending 5% of its gross domestic product on defense 'would not only be unreasonable, but also counterproductive.' U.S. allies have ramped up defense spending since Russian President Vladimir Putin ordered a full-scale invasion of Ukraine more than three years ago, but almost a third of them still don't meet NATO's current target of at least 2% of their gross domestic product. The summit is being protected by the biggest ever Dutch security operation, code named 'Orange Shield,' involving thousands of police and military personnel, drones, no-fly zones and cybersecurity experts. ___ Associated Press writer Molly Quell in The Hague contributed.
Los Angeles Times
32 minutes ago
- Los Angeles Times
Trump says he's open to ‘regime change' in Iran, even as his aides insist otherwise
WASHINGTON — President Trump on Sunday called into question the future of Iran's ruling theocracy after a surprise attack on three of the country's nuclear sites, seemingly contradicting his administration's calls to resume negotiations and avoid an escalation in fighting. 'It's not politically correct to use the term, 'Regime Change,' but if the current Iranian Regime is unable to MAKE IRAN GREAT AGAIN, why wouldn't there be a Regime change???' Trump posted on social media. 'MIGA!!!' The post on his social media platform marked a stark reversal from Defense Secretary Pete Hegseth's Sunday morning news conference that detailed the aerial bombing of Iran early Sunday. 'This mission was not and has not been about regime change,' Hegseth said. The administration has made clear it wants Iran to stop any development of nuclear weapons, and Secretary of State Marco Rubio warned on Fox News' 'Sunday Morning Futures' that any retaliation against the U.S. or a rush toward building a nuclear weapon would 'put the regime at risk.' But beyond that, the world is awash in uncertainty at a fragile moment that could decide whether parts of the globe tip into war or find a way to salvage a relative peace. Trump's message to Iran's leadership comes as the U.S. has warned Iran against retaliating for the bombardment targeting the heart of a nuclear program that it spent decades developing. The Trump administration has made a series of intimidating statements even as it has called for a restart of negotiations, making it hard to get a read on whether the U.S. president is simply taunting an adversary or using inflammatory words that could further widen the war between Israel and Iran that began with Israeli attacks on June 13. Until Trump's post Sunday afternoon, the coordinated messaging by his vice president, Pentagon chief, top military advisor and secretary of State suggested a confidence that any fallout would be manageable and that Iran's lack of military capabilities would ultimately force it back to the bargaining table. Hegseth had said that America 'does not seek war' with Iran, while Vice President JD Vance said the strikes had given Tehran the possibility of returning to negotiate with Washington. But the unfolding situation is not entirely under Washington's control, as Tehran has a series of levers to respond to the aerial bombings that could intensify the conflict in the Middle East with possible global repercussions. Iran can block oil being shipped through the Strait of Hormuz, attack U.S. bases in the region, engage in cyberattacks or accelerate its nuclear program — which might seem more of a necessity after the U.S. strikes. All of that raises the question of whether the U.S. bombing will open up a more brutal phase of fighting or revive negotiations out of an abundance of caution. In the U.S., the attack quickly spilled over into domestic politics, with Trump spending part of his Sunday going after his critics in Congress. He used a social media post to lambaste Rep. Thomas Massie (R-Ky.), a stalwart Trump supporter who had objected to the president taking military action without specific congressional approval. 'We had a spectacular military success yesterday, taking the 'bomb' right out of their hands (and they would use it if they could!)' Trump wrote. Boak and Pesoli write for the Associated Press.
Yahoo
an hour ago
- Yahoo
Inside the attack: Details revealed of secret US mission to bomb Iran
WASHINGTON – The June 21 attack on three of Iran's nuclear facilities was weeks in planning, started with a decoy flight of B-2 stealth bombers over the Pacific Ocean and culminated with the first use of the Pentagon's most powerful conventional bombs. The attack, dubbed Operation Midnight Hammer, involved more than 125 warplanes, submarines and surface warships, Air Force Gen. Dan Caine, chairman of the Joint Chiefs of Staff, told reporters the morning after the attack. It has also has put 40,000 U.S. troops in the region on high alert for potential retaliation from Iran. 'This was a highly classified mission with very few people in Washington knowing the timing or nature of this plan,' Caine said. More: How does a bunker-buster bomb work? A closer look at the GBU-57 US bombs Iran: Visual timeline shows how operation Midnight Hammer unfolded Caine described a timeline for the attack that began around 12 a.m. June 21. It began with B-2 bombers taking off from Whiteman Air Force Base in Missouri. Several of the stealth warplanes, the only ones capable of carrying the Pentagon's most powerful bunker buster, headed west over the Pacific. That was, Caine said, 'a deception effort known only to an extremely small number of planners and key leaders here in Washington and in Tampa,' where U.S. Central Command is headquartered. The attack force included seven of the 19 B-2 bombers in the Pentagon's fleet. Each stealth plane has a crew of two, and they flew east 'with minimal communications throughout the 18-hour flight into the target area,' Caine said. The B-2s needed to be refueled in midair multiple times, Caine said. They linked up with other warplanes as they neared Iran. At about 5 p.m. East Coast time, a U.S. Navy submarine launched more than two dozen Tomahawk land-attack cruise missiles at Isfahan, one of three Iranian nuclear sites targeted. Caine referred to 'several deception tactics, including decoys,' being deployed as the warplanes pierced Iranian airspace. He noted the use of fourth- and fifth-generation warplanes without specifying the type of warplane. Fourth-generation aircraft include workhorse attack planes like the F-15 and F-18, while fifth-generation are stealthy, like the Air Force's most sophisticated plane, the F-22. Those aircraft used 'high-speed suppression weapons,' Caine said. Those were likely missiles used to destroy radars that can target warplanes with surface-to-air missiles. It appears the Iranians did not fire at U.S. warplanes, he said. At about 6:40 ET, just after 2 a.m. in Iran, the lead B-2 bombers dropped two GBU-57 massive ordnance penetrators at the deeply buried nuclear site of Fordow, Caine said. In total, the planes dropped 14 of the massive bunker busters. The attack on the three sites lasted about 25 minutes, he said. 'Iran's fighters did not fly and it appears that Iran's surface-to-air missile systems did not see us throughout the mission,' Caine said. 'We retained the element of surprise. In total, U.S. forces employed approximately 75 precision-guided weapons during this operation.' Assessing damage to the sites will take time, Caine said. But initial indications are the three sites 'sustained extremely severe damage and destruction.' Iran has vowed to retaliate, and the Pentagon has 40,000 troops within range of Iran's ballistic missiles, according to a senior U.S. official. The Pentagon, in the run-up to the attack, had been fortifying its defenses, sending a second aircraft carrier strike group to the region and putting troops on increased alert. Caine told reporters that the operation was kept under tight wraps and that Congress was notified only after the strikes. Caine and Hegseth emphasized that the mission maintained tight "operational security." In March, Defense Secretary Pete Hegseth's texts of plans to attack the Houthis, Iranian proxy forces in Yemen, were accidentally leaked, including a message to other Trump officials that they were "clean" on operational security. National Security Adviser Mike Waltz was fired in the aftermath. "I am particularly proud of our discipline related to operational security, something that was of great concern to the president, the secretary, (head of U.S. Central Command) General Kurilla, and me," Caine said. This article originally appeared on USA TODAY: Details revealed of Trump's mission to bomb Iran's nuclear facilities
