An Iranian flag is seen on a computer
The decade-long cyber war between Israel and Iran has heated up significantly after the June war.
The decade-long cyber war between Israel and Iran has heated up after the June war, the Financial Times reported on Sunday. Israeli officials received several suspicious text messages with malicious links in the wake of the 12-day war.
“It heated up after the start of the war, and it’s still going on,” an anonymous Israeli official said. “I’m still getting them.”
Some recent attacks have included an Iranian cryptocurrency heist exchange, to spear phishing messages for Israeli diplomats or members of the Prime Minister’s Office.
While the two countries have an impermanent ceasefire, the war online never stopped, officials say.
THE REMAINS of a missile fired from Iran into Israel last week, seen in a forest in Safed. (credit: David Cohen/Flash90)
Ceasefire in action, but cyberattacks remain
“Although there is a ceasefire in the physical world, in the cyber arena, [the attacks] did not stop,” Boaz Dolev, chief executive of the Israeli cyberintelligence company ClearSky, told the FT.
Iranian-aligned groups have tried to use a vulnerability from a recent Microsoft software breach to attack Israeli assets, Dolev said.
Iran and Israel have carried out a decades-long shadow war, of which cyberattacks from both sides have played a significant role.
Iran’s Minister of Communications, Sattar Hashemi, told the FT that the Islamic Republic had faced its “most extensive” cyberattack campaign during the 12-day war, with over 20,000 attacks. One of these attacks shut down Iran’s air defense systems as Israel Air Force jets began the June 13 attack on Tehran.
But the attacks also played a vastly significant role in gathering intelligence on senior Iranian military officials and nuclear scientists, former Israeli officials told the FT.
The air defense cyber attack was tactical, officials told the FT.
“It was very specific, in order to allow Israel to make the first move,” said Menny Barzilay, a cybersecurity expert who served as the chief information security officer of the Israel Defense Forces intelligence services. “Intelligence collection was the biggest game changer.”
On the opposite side, an Israeli-aligned hacking group, Gonjeshke Darande, burned some $90 90mn from the Iranian crypto exchange company Nobitex by placing it in a digital wallet without private access keys.
Nobitex denied Gonjeshke Darande’s claims that it was a “tool” of the regime. The hacking group also attacked two major Iranian banks, including the state-affiliated Bank Sepah.
Dotin, a tech company that provides software for the attacked banks, said that the incident disabled the banks’ primary, backup, and disaster data.
ClearSky said that Iranian-backed groups had done hack-and-leak attacks on 50 Israeli companies, including logistics, dual, and HR companies. The hackers then leaked the resumes of thousands of Israeli citizens who worked in the defense establishment.
Some of the attacks also included messages that appeared to be from the Home Front Command, which advised Israelis to avoid bomb shelters. Hackers also tried to get into Israeli security camera systems to see where missiles were falling.
IDF Col. (res.) Moty Cristal, who has a wide breadth of experience negotiating with ransomware groups, noted that none of the attacks on Israel had a dramatic impact.
Iran, in contrast, suffered a major setback. Vice President Mohammad Reza Aref called for a “serious short-term action plan” to boost the Islamic Republic’s capabilities.
Mohammad-Javad Azari Jahromi, a former Iranian Intelligence Ministry technical manager, said that one issue was Iran’s “centralised concentration of data”. The IDF targeted commanders who had registered phone numbers and addresses with their bank accounts, he told the FT.
Israeli officials noted that they expected the cyber war to continue, especially given the extent of the damage that the Islamic Republic faced. It also allowed both sides to target each other, despite threats from US President Donald Trump to not continue the war.
“Both Israel and Iran know that if they attack each other, Trump will be angry,” Barzilay told the FT. “But you can do whatever you want in cyberspace, and probably no one will say anything.”