Israel, Iran, and the US are engaged in a rapidly escalating cyber conflict that targets each other’s governments, militaries and critical infrastructure.
Military action by Israel and the US against Iran is spilling over into cyberspace amid a rise in digital attacks by hackers on both sides.
ADVERTISEMENT
ADVERTISEMENT
Joint US-Israel military Operation Roaring Lion, also known as Epic Fury, began this weekend with US President Donald Trump saying that operations could continue for several weeks.
Iran has launched a series of strikes across the Middle East, hitting American bases and airports in the United Arab Emirates (UAE), Bahrain, Qatar, and Kuwait. Several people have died.
What attacks have already taken place?
Iran’s BadeSaba Calendar, a popular religious app with over five million downloads on the Google Play store, was reportedly hacked on the weekend.
Users received notifications that said “Help is on the way!” and “It’s time for reckoning,” according to screenshots circulating on social media.
A group called the Islamic Cyber Resistance Axis has taken credit for several cyber campaigns, including an operation on Israeli defence company Rafael’s air defence systems and another drone detection service called VigilAir.
Euronews Next has contacted both companies for comment.
The group has reportedly tried to recruit cyber experts in a “great epic battle” to be waged against Israel and the United States.
Meanwhile, Handla Hack, a hacker persona that is linked to Iran’s Ministry of Intelligence and Security (MOIS), claimed that they conducted attacks in Jordan and threatened other countries in the region, according to cybersecurity firm Sophos.
A senior American official said the United States is using an “information warfare campaign” against Iran not only to disrupt the regime’s military capabilities, but to pressure senior regime officials to defect, according to the Jerusalem Post.
Euronews Next is working to independently verify this claim.
Iran’s internet has been severely limited for the last 48 hours due to restrictions from the regime, according to internet monitoring companies Netblocks and Cloudflare. It comes after an internet shutdown during protests that left the country without Internet for most of the month.
How has Iran mounted cyber campaigns in the past?
With conventional military operations crippled by Operation Epic Fury, Iran will rely on cyber attacks as its primary retaliation tool, according to an analysis from American cybersecurity company Anomali.
The Iranians have already mobilised APT42 and APT33, two groups with links to the Islamic Revolutionary Guard Corps (IRGC) and MOIS, known as MuddyWater, Anomali claims.
Iranian-linked groups are likely to target Israeli and American defence, government and intelligence networks in the coming days, according to an analysis from SentinelOne, an American cybersecurity company.
The most likely tactic that Iranian actors could use is to deploy wiper malware, which is malicious software designed to permanently erase data and disable computer systems, according to Anomali.
Another well-documented Iranian method is to launch distributed denial-of-service (DDoS) attacks, where attackers flood a website or online service with large amounts of internet traffic to knock it temporarily offline.
Iranian actors could amplify disinformation campaigns in an effort to “shape public perception” about any military failures or impact to civilians, SentinelOne wrote.
Themes to these disinformation campaigns could include allegations of Israeli war crimes, Israeli and American military losses, and fabricated claims of cyber retaliation.
Iranian groups have sometimes overstated their capabilities, according to Sophos, but they “remain capable actors.” In the past, Iranian actors have targeted critical infrastructure and the financial sector on top of government domains.
Last year, Israeli authorities claimed that pro-Iranian groups sent out fake text messages impersonating the Israeli Defence Forces (IDF) that warned of incoming attacks on bomb shelters.
How could Israel fight back?
The Israeli Defense Forces (IDF) have a cyberdefence organ, called Unit 8200, according to a report from Swiss university ETH Zurich. The unit works closely with the Israeli police and the US’ National Security Agency (NSA).
It is thought to be jointly responsible for several attacks, such as the Stuxnet attacks in the 2010s.
Stuxnet was a computer virus that damaged or destroyed the centrifuges, a key component used to enrich uranium, at Iran’s uranium enrichment facilities in Natanz, one of the facilities targeted in the recent missile fire from Israel.
Iranians accused Israel of using popular messaging app WhatsApp to spy on its citizens and gather information for the authorities during last year’s 12-day war.
Iranian authorities urged the public to remove the app from their smartphones during the conflict, despite refutations from Meta, WhatsApp’s parent company.
It’s not the first time that Israel has faced allegations of using spyware for surveillance, as Unit 8200 reportedly used Microsoft software to store the phone calls of Palestinians, according to the Guardian.
There are also some anti-Iranian groups that could get involved. Gonjeshke Darande, or “Predatory Sparrow,” claimed an attack on one of Iran’s most prominent banks, Bank Sepah, during the 12-day escalation against Iran last year.
Gonjeshke Darande has also taken credit for other cyber attacks against Iran, such as the 2022 attack on Iran’s steel plants and the 2023 attack on gas stations.
