June 17, 2025 | Policy Brief

Iran Launches Counterattacks in Cyberspace

Tehran is struggling to hit Israel with its missiles and drones, but it has another arrow in its quiver: cyber and influence operations. Already, attempted attacks against Israeli government websites, banks, telecommunications companies, and other critical infrastructure have jumped 700 percent since Israeli strikes on Iran began on June 13, according to American cybersecurity firm Radware. The company warned that this “cyber retaliation” is the work of Iranian state-backed operatives and pro-regime hackers.

Iranian Hackers Hit Israeli Companies

While Iran has not demonstrated an ability to penetrate critical government systems and maintain the level of access necessary to disrupt sensitive military operations, Iran has repeatedly and successfully conducted ransomware attacks against Israeli government and civilian targets, causing short-term disruptions. In the past two days, a prolific Iran-aligned hacktivist group known as Handala returned from a months-long hiatus and allegedly attacked multiple Israeli companies, including the petroleum company Delek Group.

John Hultquist, chief analyst with Google’s threat intelligence group, cautioned that Iranian cyber operatives may also step up attacks on U.S. companies as they have done in the past. Nonprofit information-sharing organizations are similarly warning that even if Iran does not directly target American companies, Tehran’s cyberattacks “could have indirect effects and cause disruptions to companies” in the United States. The U.S. Intelligence Community previously warned that Tehran is a “major threat to the security of U.S. networks and data.”

Pro-Regime Hackers Hope to Cause Civilian Casualties

Israeli authorities on June 14 warned citizens of a malicious, coordinated campaign posing as the Israel Defense Forces’ Home Front Command that was spreading misinformation.

More concerningly, yesterday, Israel’s National Cyber Directorate warned that malicious actors were distributing fake messages claiming that civilians should not use shelters. The directorate said that the effort is “an attempt to sow panic.” Israeli researcher Tal Hagin posted sample fake messages that warned of possible terror attacks against bomb shelters. Hagin concluded, “Those responsible are likely hoping for [fewer] citizens to be in shelters during the next Iranian missile barrage in order to raise the likelihood [of] a mass-casualty event.”

Since October 7, 2023, Iran has doubled down on its investment in capabilities to conduct these types of operations against Israel, according to Microsoft. Some Iranian propaganda apparently seeks to show that the regime is not impotent in the face of Israel’s military superiority. State media, for example, are falsely reporting that the Iranian military shot down Israeli F-35 aircraft, using AI-generated images to support the claims.

Citizens and Companies Need Information to Defend Themselves

Israeli authorities have been quick to debunk false pro-Iran propaganda and warn of Iranian cyber threats. American authorities should likewise provide actionable, concrete advice to U.S. companies about how to avoid falling victim to Iran’s attacks. The U.S. government should push this guidance publicly on government websites and provide it through industry-led information-sharing organizations that can distribute and amplify the guidance to U.S. companies that might incorrectly assume they are not on Iran’s radar. Iranian hackers often hit targets of opportunity and, in the coming days and weeks, are likely to strike anything in cyberspace that will send a message that Tehran remains a formidable threat to the United States and Israel.

Ari Ben Am is an adjunct fellow at the Foundation for Defense of Democracies’ (FDD’s) Center on Cyber and Technology Innovation (CCTI), focusing on emerging threats, influence and information operations, cyber operations, and hybrid warfare. Annie Fixler is the director of the CCTI and an FDD senior fellow. FDD is a Washington, DC-based, nonpartisan research institute focusing on national security and foreign policy.
