After Israeli and American forces struck Iranian nuclear targets, officials in both countries sounded the alarm over potentially disruptive cyberattacks carried out by the Iranian hackers.
But as a fragile ceasefire holds, cyber defenders in the United States and Israel say they have so far seen little out of the ordinary – a potential sign that the threat from Iran’s cyber capabilities, like its battered military, has been overestimated.
There has been no indication of the disruptive cyberattacks often invoked during discussions of Iran’s digital capabilities, such as its alleged sabotage and subsequent break-ins at US casinos or water facilities.
"The volume of attacks appears to be relatively low," said Nicole Fishbein, a senior security researcher with the Israeli company Intezer. "The techniques used are not particularly sophisticated."
Online vigilante groups alleged by security analysts to be acting at Iran’s direction boasted of hacking a series of Israeli and Western companies in the wake of the airstrikes.
A group calling itself Handala Hack claimed a string of data heists and intrusions, but Reuters was not able to corroborate its most recent hacking claims. Researchers say the group, which emerged in the wake of Palestinian group Hamas’ October 7, 2023, attack on Israel, likely operates out of Iran’s Ministry of Intelligence.
Rafe Pilling, lead threat intelligence researcher at British cybersecurity company Sophos, said the impact from the hacking activity appeared to be modest.
“As far as we can tell, it's the usual mix of ineffectual chaos from the genuine hacktivist groups and targeted attacks from the Iran-linked personas that are likely having some success but also overstating their impact,” he said.
Iran's mission to the United Nations in New York did not respond to a request for comment. Iran typically denies carrying out hacking campaigns.
Israeli firm Check Point Software said a hacking campaign it ties to Iran’s Revolutionary Guards has in recent days sent phishing messages to Israeli journalists, academic officials and others.
In one case, the hackers tried to lure a target to a physical meeting in Tel Aviv, according to Sergey Shykevich, Check Point’s threat intelligence group manager. He added that the reasoning behind the proposed meeting was not clear.
Shykevich said there have been some data destruction attempts at Israeli targets, which he declined to identify, as well as a dramatic increase in attempts to exploit a vulnerability in Chinese-made security cameras – likely to assess bomb damage in Israel.
The pro-Iranian cyber operations demonstrate an asymmetry with pro-Israeli cyber operations tied to the aerial war that began on June 13.
In the days since the start of the conflict, suspected Israeli hackers have claimed to have destroyed data at one of Iran’s major state-owned banks. They also burned roughly $90 million in cryptocurrencies that the hackers allege were tied to government security services.
Israel's National Cyber Directorate did not return a message seeking comment.
Analysts said the situation is fluid and that more sophisticated cyber espionage activity may be flying under the radar.
Both Israeli and US officials have urged industry to be on the lookout. A June 22 Department of Homeland Security bulletin warned that the ongoing conflict was causing a heightened threat environment in the US and that cyber actors affiliated with the Iranian government may conduct attacks against US networks.
The FBI declined to comment on any potential Iranian cyber activities in the United States.
Yelisey Bohuslavskiy, the cofounder of intelligence company Red Sense, compared Iran’s cyber operations to its missile program. The Iranian weapons that rained down on Israel during the conflict killed 28 people and destroyed thousands of homes, but most were intercepted and none significantly damaged the Israeli military.
Bohuslavskiy said Iranian hacking operations seemed to work similarly.
“There is a lot of hot air, there is a lot of indiscriminate civilian targeting, and - realistically - there are not that many results,” he said.
