Reuters is reporting that Iranian cyberattacks on Israel have surged since the war started, following a statement from the Israeli cyber chief. Yossi Karadi, Director General of Israel’s National Cyber Directorate, told German newspaper Die Welt that in June 2025, during Israeli military operations against Iran, Israel’s authorities registered around 1,600 hostile cyber incidents.
Commenting on this news is SOCRadar CISO, Ensar Seker:
“An increase in cyber activity during periods of military conflict is expected, but what’s important isn’t just the number of incidents, it’s the shift in targeting and intent. During geopolitical crises, we typically see a broader mix of disruptive attacks, influence operations, espionage, and opportunistic campaigns occurring simultaneously. Many of these campaigns are designed to overwhelm defenders while creating strategic uncertainty rather than achieving a single technical objective
Organizations should also recognize that nation-state cyber campaigns rarely remain confined to government targets. Critical infrastructure, defense contractors, telecommunications providers, logistics companies, healthcare organizations, and multinational enterprises with regional operations often become indirect targets or collateral victims. Even organizations with no direct involvement in the conflict may experience increased phishing activity, credential theft attempts, DDoS attacks, or attacks against their supply chain.
Another notable trend is the growing integration of cyber operations with kinetic military activity. Cyberattacks increasingly support broader strategic objectives by disrupting communications, spreading disinformation, collecting intelligence, or distracting security teams before or during physical operations. This makes rapid detection, threat intelligence, and cross-sector information sharing more important than ever.
From a defensive perspective, organizations should assume that geopolitical events can rapidly change their threat profile. Security teams should strengthen identity security, closely monitor internet-facing assets, accelerate remediation of known exploited vulnerabilities, verify offline recovery capabilities, and continuously monitor for emerging indicators associated with regional threat actors rather than relying solely on traditional perimeter defenses.”
Previously, SOCRadar researchers have published an in-depth Iran-Israel Coflict Threat Landscape Report which can be read here: https://socradar.io/resources/report/iran-israel-conflict-threat-landscape-report/
Related
This entry was posted on June 29, 2026 at 2:48 pm and is filed under Commentary with tags Iran, Israel. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Iranian cyberattacks on Israel have surged since war, Israeli cyber chief says
Reuters is reporting that Iranian cyberattacks on Israel have surged since the war started, following a statement from the Israeli cyber chief. Yossi Karadi, Director General of Israel’s National Cyber Directorate, told German newspaper Die Welt that in June 2025, during Israeli military operations against Iran, Israel’s authorities registered around 1,600 hostile cyber incidents.
Commenting on this news is SOCRadar CISO, Ensar Seker:
“An increase in cyber activity during periods of military conflict is expected, but what’s important isn’t just the number of incidents, it’s the shift in targeting and intent. During geopolitical crises, we typically see a broader mix of disruptive attacks, influence operations, espionage, and opportunistic campaigns occurring simultaneously. Many of these campaigns are designed to overwhelm defenders while creating strategic uncertainty rather than achieving a single technical objective
Organizations should also recognize that nation-state cyber campaigns rarely remain confined to government targets. Critical infrastructure, defense contractors, telecommunications providers, logistics companies, healthcare organizations, and multinational enterprises with regional operations often become indirect targets or collateral victims. Even organizations with no direct involvement in the conflict may experience increased phishing activity, credential theft attempts, DDoS attacks, or attacks against their supply chain.
Another notable trend is the growing integration of cyber operations with kinetic military activity. Cyberattacks increasingly support broader strategic objectives by disrupting communications, spreading disinformation, collecting intelligence, or distracting security teams before or during physical operations. This makes rapid detection, threat intelligence, and cross-sector information sharing more important than ever.
From a defensive perspective, organizations should assume that geopolitical events can rapidly change their threat profile. Security teams should strengthen identity security, closely monitor internet-facing assets, accelerate remediation of known exploited vulnerabilities, verify offline recovery capabilities, and continuously monitor for emerging indicators associated with regional threat actors rather than relying solely on traditional perimeter defenses.”
Previously, SOCRadar researchers have published an in-depth Iran-Israel Coflict Threat Landscape Report which can be read here: https://socradar.io/resources/report/iran-israel-conflict-threat-landscape-report/
Share this:
Like this:
Related
This entry was posted on June 29, 2026 at 2:48 pm and is filed under Commentary with tags Iran, Israel. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.