Iran’s Cyber Threat Largely Fizzled Out During Israeli & US Strikes!

Despite claims made by Iranian hacking groups, cybersecurity experts saw few attempts to attack Israeli assets, most notably against Chinese-made security cameras.

After Israeli & US forces struck Iranian nuclear targets, officials in both countries sounded the alarm over potentially disruptive cyberattacks conducted by the Islamic Republic’s hackers.

Overestimated

However, cyber defenders in the US & Israel say they have so far seen little out of the ordinary — a potential sign that the threat from Iran’s cyber capabilities, like its military, has seemingly been overestimated.

There has been no indication of the disruptive cyberattacks often invoked during discussions of Iran’s digital capabilities, such as its alleged sabotage of tens of thousands of computers at major oil company Saudi Aramco in 2012, or subsequent break-ins at US casinos or water facilities.

Relatively Low

“The volume of attacks appears to be relatively low,” stated Nicole Fishbein, a senior security researcher with the Israeli company Intezer. “The techniques used are not particularly sophisticated.”

Online vigilante groups, alleged by security analysts to be acting at Iran’s direction, boasted of hacking a series of Israeli & Western companies in the wake of the airstrikes.

A group calling itself Handala Hack claimed a string of data heists & intrusions, but there was no corroboration of its most recent hacking claims. Researchers say the group, which emerged in the wake of Hamas’s October 7, 2023, attack on Israel, likely operates out of Iran’s Ministry of Intelligence.

Ineffectual Chaos

Rafe Pilling, lead threat intelligence researcher at British cybersecurity company Sophos, concluded that the impact from the hacking activity appeared to be modest.

“As far as we can tell, it’s the usual mix of ineffectual chaos from the genuine hacktivist groups & targeted attacks from the Iran-linked personas that are likely having some success but also overstating their impact,” he explained.

Iran’s mission to the UN in New York did not respond to a request for comment. Iran typically denies conducting hacking campaigns.

Phishing Messages

Israeli firm Check Point Software said a hacking campaign it ties to Iran’s Revolutionary Guards had in recent days sent phishing messages to Israeli journalists, academic officials & others.

In one case, the hackers tried to lure a target to a physical meeting in Tel Aviv, according to Sergey Shykevich, Check Point’s threat intelligence group manager. He added that the reasoning behind the proposed meeting was not clear.

Chinese-Made

Shykevich observed that there have been some data destruction attempts at Israeli targets, which he declined to identify, as well as a dramatic increase in attempts to exploit a vulnerability in Chinese-made security cameras, likely to assess bomb damage in Israel.

The pro-Iranian cyber operations demonstrate an asymmetry with pro-Israeli cyber operations tied to the aerial war that began on June 13.

Israeli Hackers

In the days after the start of the conflict, suspected Israeli hackers claimed to have destroyed data at one of Iran’s major state-owned banks. They also ‘burned’ roughly $90m in cryptocurrencies that the hackers allege were tied to Iranian Government security services.

Israel’s National Cyber Directorate did not return a message seeking comment.

Analysts observed that the situation is ‘fluid’ & that more sophisticated cyber espionage activity may be ‘flying under the radar.’

Heightened Threat Environment

Both Israeli & US officials have urged industry to be on the lookout. A June 22 Department of Homeland Security bulletin warned that the ongoing conflict was causing a heightened threat environment in the US & that cyber-players affiliated with the Iranian Government may conduct attacks against US networks.

The FBI declined to comment on any potential Iranian cyber activities in the US.

Missile Program

Yelisey Bohuslavskiy, the co-founder of intelligence company Red Sense, compared Iran’s cyber operations to its missile program. The Iranian weapons that rained down on Israel during the conflict killed 28 people & destroyed thousands of homes, but most were intercepted, & none significantly damaged the Israeli military.

Bohuslavskiy outlined that Iranian hacking operations seemed to work similarly.

“There is a lot of hot air, there is a lot of indiscriminate civilian targeting, &, realistically, there are not that many results,” he concluded.
