An open cyber war has erupted as the military conflict between Iran and Israel escalates, drawing in over 100 distinct threat actors since Israel’s “Operation Rising Lion” on June 13.
In response to what its state media called a “massive cyber war,” Iran has enacted severe measures. The IRGC-affiliated Fars news agency reported that top officials were directed to abandon connected devices, and a near-total internet blackout was imposed on June 17. Bandwidth was cut by approximately 80% to control information and direct citizens to a national intranet. Despite the service being illegal in Iran, Elon Musk has indicated Starlink is active, with tens of thousands of terminals reportedly in the country.
While Iran imposed strict measures, Israel faced a higher volume of less sophisticated attacks. Cybersecurity firm Radware noted a surge in daily distributed denial-of-service (DDoS) attacks from a pre-conflict average of four to over 25. Israel now accounts for nearly 40% of all global hacktivist DDoS attacks. The pro-Palestine group “Handala” claimed on June 18 to have leaked 425GB of data from Israeli shipping company Mor Logistics Ltd. and alleged access to 4TB of sensitive data from the Weizmann Institute of Science, which was also physically struck by a missile.
In retaliation, the pro-Israel hacktivist group Predatory Sparrow (Gonjeshke Darande) claimed a highly disruptive attack on June 18 that took the website and ATMs of Iran’s Bank Sepah offline. The bank has been previously linked by the U.S. to Iran’s nuclear program.
The cyber conflict is impacting the wider region, with Egypt, Jordan, and Saudi Arabia also hit by frequent DDoS attacks. Cybersecurity firm Cyble suggests these nations are targeted by hacktivists for perceived neutrality. This has raised concerns of a spillover, particularly to the United States. On June 13, the IT-ISAC and Food and Ag-ISAC issued a joint warning for U.S. companies to prepare for an increased likelihood of attacks from Iranian-affiliated actors.
