Iran-Israel War Triggers a Maelstrom in Cyberspace - Dark Reading

THREAT INTELLIGENCE CYBERATTACKS & DATA BREACHES CYBER RISK VULNERABILITIES & THREATS NEWS Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa and the Asia Pacific Iran-Israel War Triggers a Maelstrom in Cyberspace As Iran closes its cyberspace to the outside world, hacktivists are picking sides, while attacks against Israel surge and spread across the region. Nate Nelson,Contributing Writer June 19, 2025 5 Min Read SOURCE: EYAL WARSHAVSKY VIA ALAMY STOCK PHOTO As they trade missile strikes, Iran and Israel have also faced heavy waves of cyberattacks this past week. On June 13, Israel initiated a military offensive it called "Operation Rising Lion," aimed at crippling Iran's nuclear weapons program. The two countries' covert war has become overt since then, shifting power in the region and causing dozens of civilian deaths in Israel and hundreds in Iran along the way. As expected, hacktivists have flocked to the scene like vultures. Analysts are now tracking more than 100 different threat actors carrying out, or at least claiming to carry out, cyberattacks against either Iran or, more often, Israel. Iran, though, is the one implementing especially austere measures to protect its cyberspace. According to reports coming out of the country, the government has triggered a kind of cyber DEFCON 1 for government systems and employees, and imposed limitations on Internet and phone connectivity for citizens. Related:China-Nexus Hackers Skulk in Southeast Asian Military Orgs for Years Iran Shuts Down the Internet Iran's government and government-aligned media have indicated in recent days that the country is facing significant cyber threats coming from Israel. Earlier this week, the state-sponsored Mehr News Agency published an announcement from the country's Cyber Security Command. Officials claimed that "the Zionist regime has launched a massive cyber war against the country's digital infrastructure," and that "so far, many of these attacks have been successfully repelled and in other cases, technical teams are restoring services." Iran's government appears to be going full scorched earth in an effort to block Israeli sabotage. On Tuesday, the Islamic Revolutionary Guard Corps (IRGC)-affiliated Fars news agency reported that the country's cyber command ordered top government officials and their cybersecurity teams to abandon their connected devices. Multiple in-region news outlets have also suggested that the government has imposed a state of high alert across government organizations. Dark Reading has not yet been able to confirm this. Most severe of all, the government has restricted all Internet and international phone connectivity for its citizens, a trick it famously last used during the nationwide protests following the death of Mahsa Amini. The restrictions began June 13, but worsened significantly four days later, when bandwidth was reduced by around 80%. Source: NetBlocks via X In place of Internet service, the government is directing citizens to use its national intranet. Meanwhile, Elon Musk has indicated that Starlink is being made available for Iranian citizens. Though Starlink is illegal in Iran, experts have estimated that tens of thousands of terminals do exist within its borders. Related:INC Ransomware Group Holds Healthcare Hostage in Oceania Hacktivists vs. Israel Evidence suggests that Israel is facing far more cyberattacks than Iran, but of a lesser sophistication. From June 4 to June 12, researchers from Radware tracked three or four distributed denial-of-service (DDoS) attacks per day aimed at Israel. According to data they shared with Dark Reading, that figure shot up to 21 on June 13 and 34 the day following. Some 25 or more attacks have been claimed each day since, as of this writing. Israel is now the object of nearly 40% of all global hacktivist DDoS attacks, far outpacing any other country. Beyond DDoS attacks, hacktivists have also claimed leaks and spread malware and disinformation. For example, on June 18, the pro-Palestine "Handala" threat actor posted a leak of purportedly 425GB of data belonging to an Israeli shipping company, Mor Logistics Ltd. It also claimed to have obtained access to 4TB of "internal documents, sensitive research, and classified data" belonging to the Weizmann Institute of Science, a major Israeli research university that also happened to be struck by an Iranian missile Monday. Related:Chinese Cyber Threat Lurks In Critical Asian Sectors for Years Handala is just one of at least 60, but possibly more than 100, different hacktivist entities that researchers have observed attacking Israel in recent days. These include not only Iranian groups, but also groups from Russia, South Asia, and beyond. As Cyble noted in a security advisory to clients this week, "the groups appear to position themselves not only as digital combatants but also as part of a broader resistance media ecosystem," leading to a certain sense of shared purpose. Source: CyberKnow via X Pro-Israel threat actors are far harder to come by. To date, though, it's an Israel-aligned actor that has managed to pull off the most disruptive attack of the war. Around noon local time Tuesday, the website and ATMs belonging to Iran's Bank Sepah went down. The US has previously tied Bank Sepah to Iran's nuclear weapons program. Predatory Sparrow (aka Gonjeshke Darande) claimed responsibility for the Tuesday attack. Attacks Percolate to Other Countries Reflecting a related trend: Some of the other most frequently DDoSd countries in the world this week have included Egypt, Jordan, and Saudi Arabia. "Hacktivists have viewed them as too neutral in the conflict," says Daksh Nakra, senior manager of research and intelligence at Cyble. "Jordan has been the most frequent target outside of Israel. The attack claims have generally been accompanied by hashtags and propaganda linking them to the conflict." Pascal Geenens, director of threat intelligence for Radware, has also observed groups attacking both Israel and its neighbors as part of a single ideological campaign. "And everybody's talking about what might be the fallout for the US, especially now that there are some rumors going around on Telegram between hacktivists that the United States might join the war," he says. "I think as there's more chatter around the US getting involved in helping Israel in this conflict, that we might see more US attacks." On June 13, the IT-ISAC and Food and Ag-ISAC released a joint statement warning of the likelihood of increased attacks against US companies. They wrote that "now is the time for companies to become familiar with Iranian-affiliated threat actors and their TTPs." Read more about: DR Global Middle East & Africa About the Author Nate Nelson Contributing Writer Nate Nelson is a journalist and scriptwriter. He writes for "Darknet Diaries" — the most popular podcast in cybersecurity — and co-created the former Top 20 tech podcast "Malicious Life." Before joining Dark Reading, he was a reporter at Threatpost. More Insights Industry Reports Frost Radar™: Non-human Identity Solutions 2026 CISO AI Risk Report Cybersecurity Forecast 2026 The ROI of AI in Security ThreatLabz 2025 Ransomware Report Access More Research Webinars Building a Robust SOC in a Post-AI World Retail Security: Protecting Customer Data and Payment Systems Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need Securing Remote and Hybrid Work Forecast: Beyond the VPN AI-Powered Threat Detection: Beyond Traditional Security Models More Webinars Editor's Choice CYBERSECURITY OPERATIONS Why Stryker's Outage Is a Disaster Recovery Wake-Up Call byJai Vijayan MAR 12, 2026 5 MIN READ APPLICATION SECURITY Microsoft Patches 83 CVEs in March Update byJai Vijayan MAR 11, 2026 4 MIN READ THREAT INTELLIGENCE Commercial Spyware Opponents Fear US Policy Shifting byRob Wright MAR 12, 2026 9 MIN READ Want more Dark Reading stories in your Google search results? 2026 Security Trends & Outlooks THREAT INTELLIGENCE Cybersecurity Predictions for 2026: Navigating the Future of Digital Threats JAN 2, 2026 CYBER RISK Navigating Privacy and Cybersecurity Laws in 2026 Will Prove Difficult JAN 12, 2026 ENDPOINT SECURITY CISOs Face a Tighter Insurance Market in 2026 JAN 5, 2026 THREAT INTELLIGENCE 2026: The Year Agentic AI Becomes the Attack-Surface Poster Child JAN 30, 2026 Download the Collection Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox. SUBSCRIBE Webinars Building a Robust SOC in a Post-AI World THURS, MARCH 19, 2026 AT 1PM EST Retail Security: Protecting Customer Data and Payment Systems THURS, APRIL 2, 2026 AT 1PM EST Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need WED, APRIL 1, 2026 AT 1PM EST Securing Remote and Hybrid Work Forecast: Beyond the VPN TUES, MARCH 10, 2026 AT 1PM EST AI-Powered Threat Detection: Beyond Traditional Security Models WED, MARCH 25, 2026 AT 1PM EST More Webinars White Papers Autonomous Pentesting at Machine Speed, Without False Positives Fixing Organizations' Identity Security Posture Best practices for incident response planning Industry Report: AI, SOC, and Modernizing Cybersecurity The Threat Prevention Buyer's Guide: Find the best AI-driven threat protection solution to stop file-based attacks. Explore More White Papers GISEC GLOBAL 2026 GISEC GLOBAL is the most influential and the largest cybersecurity gathering in the Middle East & Africa, uniting global CISOs, government leaders, technology buyers, and ethical hackers for three power-packed days of innovation, strategy, and live cyber drills. 📌 BOOK YOUR SPACE