Iranian Hackers Show Little Activity Following U.S. and Israeli Strikes
Following airstrikes by the United States and Israel on Iranian nuclear facilities, concerns quickly rose over the possibility of retaliatory cyberattacks from Iranian state-sponsored hackers. However, recent assessments by cyber experts in both countries suggest that Iran’s cyber threat may be overstated.
Cyber Threats Fail to Materialise at Scale
Despite heightened alerts, cyber defenders in the U.S. and Israel have reported no significant cyberattacks in the aftermath of the strikes.
“The volume of attacks appears to be relatively low,” said Nicole Fishbein, senior security researcher at Israeli cybersecurity firm Intezer.
“The techniques used are not particularly sophisticated.”
This lack of major activity stands in contrast to past incidents linked to Iran, including the 2012 Saudi Aramco hack and alleged attacks on U.S. casinos and water utilities.
Online Hacktivist Groups Claim Activity—But Evidence Is Lacking
A pro-Iran hacking group calling itself Handala Hack has claimed responsibility for various intrusions into Israeli and Western companies. However, Reuters has not been able to verify these claims, and cybersecurity analysts believe the group’s impact is modest at best.
Researchers suspect the group may be operating under the direction of Iran’s Ministry of Intelligence, having emerged in the wake of Hamas’ October 7, 2023, attack on Israel.
“It’s the usual mix of ineffectual chaos from the genuine hacktivist groups and targeted attacks from the Iran-linked personas that are likely having some success but also overstating their impact,” said Rafe Pilling, lead threat intelligence researcher at Sophos.
Phishing and Surveillance Attempts Linked to Iran
Israeli cybersecurity company Check Point Software has identified phishing campaigns traced back to Iran’s Revolutionary Guard Corps (IRGC). Targets have included:
- Israeli journalists
- Academic officials
- Other public figures
In one unusual case, attackers tried to lure a victim into a physical meeting in Tel Aviv, though the motive behind this tactic remains unclear.
Iranian Hackers Exploit Security Camera Vulnerabilities
Check Point’s Sergey Shykevich, manager of threat intelligence, noted:
- Some data destruction attempts targeting Israeli organisations have occurred, though names were not disclosed.
- There has been a spike in attempts to exploit vulnerabilities in Chinese-made security cameras—likely aimed at monitoring damage from Israeli airstrikes.
These tactics reflect the asymmetrical cyber operations Iran deploys compared to the more advanced and coordinated cyber activities often attributed to Israeli cyber forces.
Official Silence and Denial
- Iran’s mission to the United Nations in New York did not respond to requests for comment.
- Iran routinely denies involvement in any hacking or cyber warfare campaigns.
Final Thoughts
Despite initial fears, Iran’s cyber response to military strikes appears to be limited in scale and sophistication. While pro-Iranian groups continue to claim responsibility for hacks, independent verification remains scarce, and the real-world impact is modest.
The situation underscores the complexity of modern cyber warfare, where online threats do not always match the rhetoric and may be more psychological than tactical.
