Hacked hospitals, hidden spyware: Iran conflict shows how digital fight is ingrained in warfare

Since the outbreak of the recent conflict involving Iran, Israel, and the United States, cyber warfare has emerged as a critical front, with Iran increasingly relying on digital operations to offset its conventional military limitations. Over the past month, hackers affiliated with Iran have launched thousands of cyberattacks targeting companies and organizations primarily in the U.S. and Israel, but also across the broader Middle East, illustrating the growing role of cyber capabilities in modern warfare.

One particularly notable incident highlights the sophistication and timing of these cyber tactics. During an Iranian missile strike on Israel, some Israelis with Android phones received text messages containing links promising real-time updates on nearby bomb shelters. Instead of helpful information, clicking the link installed spyware on their devices, granting hackers access to cameras, locations, and all stored data. Cybersecurity experts attribute this operation to Iran, noting its precise coordination with physical missile attacks represents a new fusion of digital and physical warfare.

Gil Messing, chief of staff at Check Point Research, a cybersecurity firm operating in Israel and the U.S., emphasized the unprecedented nature of this attack. "This was sent to people while they were running to shelters to defend themselves," he explained. The synchronization of cyberattacks with physical assaults marks a novel evolution in hostile tactics, reflecting how digital warfare is becoming deeply interwoven with traditional conflict.

Experts believe that this digital conflict will persist even if the current fighting ends. Cyberattacks are cheaper and easier to conduct than conventional military operations, and their goals are often different, focusing on espionage, theft, and intimidation rather than outright destruction or territorial conquest. While the volume of attacks is high, most have caused relatively minor damage to economic or military networks. However, they have forced many companies in the U.S. and Israel into a reactive stance, patching old vulnerabilities and shoring up defenses under constant pressure.

Cybersecurity firm DigiCert, based in Utah, has tracked nearly 5,800 cyberattacks linked to around 50 different Iran-affiliated groups since the conflict began. These attacks have targeted not only U.S. and Israeli companies but also organizations in Bahrain, Kuwait, Qatar, and other regional countries. Although many attacks can be deflected with up-to-date cybersecurity measures, organizations with outdated defenses remain vulnerable, facing significant disruption and resource strain even from unsuccessful attempts.

Michael Smith, DigiCert's field chief technology officer, highlighted the psychological dimension of these attacks, particularly for companies involved with military contracts. "There are a lot more attacks happening that aren't being reported," he said. Many cyberattacks appear designed to intimidate and erode confidence rather than cause substantial operational harm.

A recent example of this intimidation approach involved a pro-Iranian hacking group claiming responsibility for breaching an account linked to FBI Director Kash Patel. The hackers posted personal documents and photographs, many of which were over a decade old. Such attacks are largely symbolic, aiming to boost morale among Iranian supporters while undermining opponents' confidence without substantially affecting the broader war effort.

Smith noted that these high-volume, low-impact cyber operations serve as reminders that Iranian hackers can reach targets across continents, acting as psychological weapons. Looking ahead, Iran is expected to focus on the most vulnerable points in American cybersecurity, such as supply chains vital to both the economy and military logistics, as well as critical infrastructure including ports, rail stations, water treatment facilities, and hospitals.

Data centers have also become important targets, attacked both through cyber means and conventional weapons. Their critical role in supporting the economy, communications, and military information security makes them attractive objectives. For example, Iranian-backed hackers recently claimed responsibility for an attack on Stryker, a Michigan-based medical technology firm. The group Handala said the strike was retaliation for suspected U.S. actions that resulted in the deaths of Iranian schoolchildren.

Additionally, cybersecurity researchers at Halcyon disclosed another recent debilitating cyberattack on a healthcare company, though the firm's identity remains undisclosed. The hackers used tools linked to Iran to deploy destructive ransomware that locked the company out of its own network. Notably, no ransom was demanded, suggesting the attack's intent was to cause damage and chaos rather than financial gain.

Cynthia Kaiser, senior vice president at Halcyon, pointed out that the attacks on medical-related targets appear deliberate rather than opportunistic. "As this conflict continues, we should expect that targeting to intensify," she warned, underscoring the humanitarian implications of such cyber warfare.

Artificial intelligence (AI) is playing an increasingly significant role in this digital conflict. AI enables hackers to increase the speed and volume of attacks by automating many processes. However, its most profound impact may be in the realm of disinformation, where AI-generated deepfakes and fabricated content erode public trust and confuse perceptions of reality.

Both sides in the conflict have disseminated false images claiming atrocities or victories. One AI-created deepfake showing sunken U.S. warships has garnered over 100 million views, illustrating how quickly disinformation can spread. Within Iran, the government has restricted internet access and tightly controls information about the war, using propaganda and disinformation to shape public perception. Iranian state media, for example, have labeled authentic footage from the conflict as fake, sometimes replacing it with doctored imagery.

Recognizing the evolving threat landscape, the U.S. State Department established a Bureau of Emerging Threats last year to focus on new technologies and their potential misuse. This effort complements ongoing work at other agencies such as the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA).

AI also benefits defenders, who use the technology to automate threat detection and response. Director of National Intelligence Tulsi Gabbard recently testified to Congress that AI will increasingly shape cyber operations, with both attackers and defenders leveraging these tools to enhance effectiveness and speed.

While Iran's cyber capabilities are significant, Russia and China remain the primary cyber adversaries for the U.S. Nevertheless, Iran has conducted several notable operations targeting American interests in recent years. These include infiltrations of President Donald Trump's campaign email system, attempts to breach military and defense contractor networks, attacks on U.S. water treatment plants, and efforts to impersonate American protesters online to covertly encourage protests against Israel.

This ongoing cyber conflict highlights how warfare has expanded beyond traditional battlefields into the digital domain, where intelligence gathering, psychological operations, and disruption can be achieved with relative anonymity and low cost. As Iran and its proxies continue to refine their cyber tools, the U.S., Israel, and their allies face the challenge of defending critical infrastructure, maintaining public trust, and countering disinformation in an increasingly complex and interconnected world.
