February 3, 2025 | Policy Brief
Iran Conducts Cyberattacks to Terrorize Israelis
The Iranian hacking group Handala last week breached an Israeli electronics firm that operates panic button systems in schools, causing red alert sirens to trigger in at least 20 kindergartens across Israel and terrorizing children. Such sirens are normally used to alert students and teachers to incoming rocket and missile fire. While Iran is often considered a second-tier cyber actor, its hackers regularly use influence operations to incite terror and panic.
Israel’s National Cyber Directorate confirmed the latest hack and warned that Handala also sent threatening text messages to tens of thousands of Israelis. Over the past 10 months, Handala has launched 50 operations against Israeli and international targets. The organization, which brands itself as pro-Palestinian, is one of many purportedly independent hacking groups that Iran uses to conduct cyber operations and psychological warfare against Israel. While the scale and frequency of Iran’s operations are concerning, Israel’s significant cyber defense capabilities usually mitigate the disruptive impacts. These defenses, however, do not stop Iranian bluster about their successes.
Dangerous but Exaggerated Operations
Purported Iranian hacks are often exaggerated or completely fictional. Earlier this week, Handala also claimed that it pilfered the personal information of police officers and firefighters from Israeli government systems and that it broke into the command-and-control systems of the Ministry of National Security (IMNS). IMNS and the Israel National Cyber Directorate, however, found no unusual activity in the ministry’s systems.
In April 2024, Handala claimed that it breached Israel’s Iron Dome radar system. Shortly thereafter, the group sent hundreds of thousands of threatening messages to Israeli citizens reading, “You only have a few hours to fix the systems.” Escalatory social media posts by Handala stated that “the chance to escape is less than ten seconds.” Yet the hackers never breached the Iron Dome. Rather, they merely hacked a text messaging system in an effort to stoke panic among Israelis.
Iran Uses Cyber Operations to Conduct Influence Campaigns
Exaggerating the effects of its cyber operations is a hallmark of the Islamic Republic. Iranian operators, for example, may assert they are leaking sensitive information from compromised systems. However, the operators often republish publicly available data. During the 2024 U.S. presidential election, Iranian hackers posted public voter registration information in an effort to prove that voting systems were compromised. They were not. Such conduct aims to incite fear and influence public opinion, a phenomenon known as “perception hacking.”
Washington Must Ensure Propaganda Does Not Become Reality
Iran’s efforts to conduct influence operations against American interests domestically and around the world require Washington to take Tehran’s operations seriously while remaining skeptical of Iranian claims. The Office of the Director of National Intelligence should continue the practice it started during the 2024 presidential election of issuing public statements and releasing guidance about the scope and impact, or lack thereof, of Iranian cyber and influence efforts against the United States. Iranian fearmongering can turn unsuccessful cyberattacks into successful influence operations. American intelligence, however, can prevent it.
Johanna (Jo) Yang is a research and editorial associate at the Center on Cyber and Technology Innovation (CCTI) at the Foundation for Defense of Democracies (FDD). Ari Ben Am is an adjunct fellow at CCTI, where Rohannah Shrestha is an intern. FDD is a Washington, DC-based, nonpartisan research institute focusing on foreign policy and national security.