Understanding the Israel-Iran Cyber Conflict

Executive Summary

The growing use of the cyber landscape during armed conflict presents a significant threat to global stability and digital infrastructure. Malicious activity can disrupt essential services, compromise critical systems, and reduce public and national trust. Effective mitigation includes the implementation of Distributed Denial-of-Service (DDoS) protection, continuous threat intelligence monitoring, and maintaining an incident response plan. Proactive security measures are vital in preserving operational integrity during periods of tension. 

Background

Recent Israel-Iran geopolitical attacks showcase a variety of cyber attacks used both defensively and offensively. What is now being coined as the ‘twelve-day war’ between Israel and Iran, from June 13 through June 25, 2025, stems from the brief twelve-day span in which an accumulation of building tension was expelled through airstrikes and cyber campaigns. On the first day of the war, Israel executed Operation Rising Lion with the help of the United States, in which airstrikes were conducted to diminish Iran’s military and nuclear power [1]. This marked the inception of the twelve-day war and new insights into digital attack tactics being used in tandem with modern war strategies.

Operations that followed the events on June 13 dabbled in both systematic and social attack techniques to disrupt availability. Alongside Israeli airstrikes, the pro-Israel hacking group Predatory Sparrow hit the Iranian crypto exchange Nobitex, stealing $90 million in cryptocurrency and making it unusable [2]. The group also executed a cyber campaign against Bank Sepah, which highlights the hacker’s lack of interest in the money itself, but instead, to send anti-Iranian messages. Iran was able to retaliate against both physical and cyber attacks, utilizing social engineering-based attacks. Using large-scale DDoS attacks that overwhelm rival systems, along with phishing operations and disinformation campaigns, Iran focused on disruption as its primary response, aiming to reduce functionality and create psychological pressure on their adversaries. 

Impact

Israel and the pro-Israeli groups’ attack efforts were able to affect the usability of critical infrastructure. This string of operations led to Iran shutting down the nation’s internet, dropping overall traffic by 97%, which collectively created a sense of distrust in the Iranian government and infrastructure among its people [3]. However, Iran’s DDoS attacks had psychological effects on its government and the public by flooding their systems with fake attack alerts, creating mass anxiety and pushing a narrative of Iran being a victim of Israeli attacks [2]. Even though both parties involved wielded different strategies, they both used the cyber landscape to support physical armed combat. 

Mitigation

In an era of increasing cyber warfare, nations must prioritize proactive preventative measures to protect key assets. Some precautions that can be taken include implementing DDoS protection for critical infrastructure that is commonly targeted, creating a threat intelligence monitoring system for adversarial channels and social media, and having an incident-response plan to distinguish between false and real breaches [4]. These mitigations are broadly applicable and strengthen a wide range of operational activities. Countries should be implementing cybersecurity precautions without provocation, but especially when there is tension between them and a rival government. 

Relevance

Due to a lack of international regulation on cyber warfare tactics, these methods are being used more than ever in geopolitical feuds. Recent clashes between countries such as Russia-Ukraine, China-Taiwan, and now Israel-Iran show that the cyber landscape has now been solidified as a second battleground. Although fighting in the cyber domain avoids immediate physical fatalities, cyber operations can still cripple critical infrastructure and create severe consequences across both private and public sectors. Hostilities of any kind should not be taken lightly and must require the establishment of terms of engagement to prevent the ramifications of war. 

References

[2] Baram, G. (2025, July 18). How Israel and Iran brought cyber conflict to the centre stage. Binding Hook. https://bindinghook.com/how-israel-and-iran-brought-cyber-conflict-to-centre-stage/

[3] Betul Yucer, E. (2025, June 27). AI turns cyberspace into a battleground in Israel-Iran conflict. TrtWorld. https://www.trtworld.com/article/f41e5d4212df

[1] Corn, G. (2025, July 25). Non-State Cyber Actors in the 12-Day War – The Gray Zone of LOAC, Part I. Lieber Institute West Point. https://lieber.westpoint.edu/non-state-cyber-actors-12-day-war-gray-zone-loac-part-i/

[4] Reddy, P. (2025, June 19). Part 1: The Iran-Israel Cyber Standoff – The Hacktivist Front. CloudSEK. https://www.cloudsek.com/blog/part-1-the-iran-israel-cyber-standoff—the-hacktivist-front