Spyware Targets Israelis During Missile Strikes
During an Iranian missile attack, some Israelis with Android devices received text messages offering links to real-time bomb shelter information. These links instead installed spyware, granting hackers access to the phone’s camera, location, and all data. This operation demonstrates advanced coordination in the ongoing cyber conflict between the U.S., Israel, and Iran along with its digital allies.
Iran and its supporters leverage cyber tools to offset military gaps, integrating disinformation, artificial intelligence, and hacking into contemporary warfare. The deceptive texts aligned precisely with the missile strikes, marking a pioneering blend of digital and physical assaults.
“This was sent to people while they were running to shelters to defend themselves,” states Gil Messing, chief of staff at Check Point Research, a cybersecurity firm with offices in Israel and the U.S. “The fact it’s synced and at the same minute … is a first.”
Cyber Operations Persist Beyond Ceasefires
Experts predict the digital skirmishes will continue even after ceasefires, as they prove cheaper and less lethal than traditional warfare. These efforts prioritize espionage, data theft, and intimidation over destruction.
High-Volume, Low-Impact Cyber Onslaught
Iran-linked groups launch numerous cyberattacks with limited economic or military harm. However, these force U.S. and Israeli firms to address vulnerabilities swiftly. Investigators at DigiCert, based in Utah, have identified nearly 5,800 attacks from about 50 Iran-affiliated groups. Targets extend beyond the U.S. and Israel to Bahrain, Kuwait, Qatar, and other regional networks.
Modern defenses block many assaults, but outdated systems suffer damage, and all drain resources. Psychological effects weigh heavily on defense-related businesses. “There are a lot more attacks happening that aren’t being reported,” notes Michael Smith, DigiCert’s field chief technology officer.
A pro-Iranian hacking collective recently breached an account belonging to FBI Director Kash Patel, leaking decade-old photos, a resume, and personal files. Such flashy moves aim to rally supporters and erode enemy morale without altering the conflict’s course. Smith describes these as “a way of telling people in other countries that you can still reach out and touch them even though they’re on a different continent. That makes them more of an intimidation tactic.”
Focus on Health Care and Critical Infrastructure
Iran targets vulnerabilities in U.S. supply chains, economy-supporting sectors, and essentials like ports, rail, water facilities, and hospitals. Data centers face both cyber and physical threats, underscoring their role in economy, communications, and security.
Recently, the Handala group claimed a hack on Stryker, a Michigan medical technology firm, citing retaliation for U.S. strikes killing Iranian schoolchildren. Halcyon researchers detailed another assault on an unnamed health care provider using Iran-linked ransomware that locked the network without ransom demands, prioritizing disruption.
“This suggests a deliberate focus on the medical sector rather than targets of opportunity,” says Cynthia Kaiser, senior vice president at Halcyon. “As this conflict continues, we should expect that targeting to intensify.”
AI Amplifies Attacks and Disinformation
Artificial intelligence accelerates cyber operations, automates processes, and boosts disinformation’s reach. Fabricated images of atrocities or victories, including a deepfake of sunken U.S. warships viewed over 100 million times, erode public trust.
Iran restricts internet access and deploys propaganda, with state media dismissing real war footage as fake and promoting altered visuals. U.S. authorities established a State Department Bureau of Emerging Threats to counter such technologies, alongside initiatives at the Cybersecurity and Infrastructure Security Agency and National Security Agency.
AI aids defense too. “It will increasingly shape cyber operations with both cyber operators and defenders using these tools to improve their speed and effectiveness,” Director of National Intelligence Tulsi Gabbard told Congress.
Though Russia and China pose larger threats, Iran has targeted Trump’s campaign emails, U.S. water facilities, military networks, and defense contractors. Tehran-backed actors also pose as U.S. protesters online to incite anti-Israel demonstrations.
