Iran has most frequently targeted Israel, the US, the UAE and India with attempted cyber attacks this year, according to a digital defence report from Microsoft.
The US technology giant’s analysis, the Digital Defence Report 2025, pointed out that although Iran was significantly impacted by conflict, such as its brief air war with Israel in June and US attacks on its nuclear facilities, Tehran’s nefarious cyber activity remained largely unaffected.
“The volume of Iranian state-linked cyber activity remains consistently high, with persistent campaigns observed across diverse industries,” the report read. “Microsoft has observed increased overlap in tactics, techniques, and procedures among certain Iranian state actors, suggesting possible formal or informal collaboration, including shared resources or personnel.”
Israel, the US and the UAE were the top three targets of nefarious nation-state cyber actors overall. Greece, Azerbaijan, Saudi Arabia, the UK, Turkey and Iraq were also among the top 10 countries targeted by Iran in various cyber operations, but Israel was by far the top target, accounting for more than half of attempted cyber attacks from Tehran.
Microsoft also said that throughout 2025, Iran significantly broadened its cyber targets to include various shipping and logistics firms, “raising the possibility that Iran may be pre-positioning to have the ability to interfere with commercial shipping operations”.
Washington has increasingly called out Iran for what it has described as unrelenting attempts to target US technology infrastructure. In August, the FBI’s assistant director Brett Leatherman, who leads the bureau’s cyber operations division, said that a hypothetical cyber attack from Iran against US technology systems, data and infrastructure would probably be considered an act of war.
He pointed to several close calls in 2024, when the FBI was prompted to warn hospitals that Iranians were seeking to compromise US health providers by using ransomware. Ransomware is a type of malware designed to deny users, businesses or organisations access to their data stored on computers or servers until they pay a ransom.
Microsoft’s report also highlighted China, Russia and North Korea as nation-state cyber crime actors that are significantly increasing their activities.
The wider report took a comprehensive look at the cyber crime landscape and examined phishing, social engineering, cloud threats and ransomware, among other cyber defence topics. In terms of overall cyber attacks, hacking and other digital crimes, the US experienced the greatest impact, followed by the UK, Israel, Germany and Ukraine.
IT firms, academic institutions, governments and think tanks were often the most sought-after entities to compromise, Microsoft said, adding that more than 50 per cent of identified cyber attacks had financial motives, while only 4 per cent were “motivated solely by espionage”.
Over the last decade, Microsoft has poured significant resources into its cyber crime facility at its headquarters in Redmond, Washington. Inside the centre there are specific offices occasionally used by the FBI, Secret Service and Department of Homeland Security to expedite investigations and collaboration efforts, depending on the cyber crime threats.
Microsoft has even developed a naming system for the various cyber crime entities it has identified and tracked over the years. Mint Sandstorm, Storm-2035, Sefid Flood, Salt Typhoon, Cotton Sandstorm and Taizi Flood are just a few of the many names given to groups operating out of Iran, China, Russia and North Korea.