While missiles and drones dominate headlines in the Israel-Iran conflict, a parallel war is being fought in cyberspace. Behind the scenes, both countries have been launching cyberattacks on each other, and officials are now warning that the United States could soon be caught in the crossfire. Following US airstrikes on Iranian nuclear sites, intelligence and military agencies are bracing for possible retaliatory cyberattacks targeting American infrastructure.
On Sunday, the National Terrorism Advisory System issued a public warning about Iranian threats. These include potential attacks on “poorly secured US networks and Internet-connected devices.”
“Low-level cyber attacks against US networks by pro-Iranian hacktivists are likely,” the advisory said, adding that actors “affiliated with the Iranian government may conduct attacks against US networks.”
General Dan Caine, Chair of the Joint Chiefs, confirmed that US Cyber Command had been involved in the recent strikes on Iran but did not provide details. Both Cyber Command and the Cybersecurity and Infrastructure Security Agency (CISA) declined to comment further.
Last week, security agencies and infrastructure leaders urged companies to improve their cyber defences. Former CISA Director Jen Easterly said on LinkedIn that organisations must be prepared: “Shields up.”
She added that Iran has a proven history of launching cyber attacks on civilian infrastructure, including “water systems, financial institutions, energy pipelines, government networks, and more.”
Iran and Israel, both known for their cyber capabilities, have been trading blows online since at least 2023, after the Hamas attacks in October of that year. In one 2023 incident, an Iranian group hacked an Israeli hospital and leaked patient data. An Israeli group later retaliated by shutting down large parts of Iran’s fuel network.
While both countries are active in cyber warfare, analysts say Israel holds the upper hand. “The Iranians … are good, they are emerging, but I don’t think they’re at the level of the Israelis or Americans,” analyst Alex Vatanka said.
Over the past week, pro-Israeli hackers have intensified their attacks. The group known as Predatory Sparrow claimed responsibility for a cyberattack on Iran’s Bank Sepah, which disrupted customer accounts. They also took credit for stealing about $90 million from Nobitex, Iran’s largest cryptocurrency exchange, and posted the exchange’s source code online.
Iranian state TV channels were also hit. Footage circulated online showed anti-regime messages being broadcast, reportedly the result of cyber intrusions. In response, the Iranian government cut off access to the internet across much of the country, with the blackout still in place on Sunday. “They suspect that there is maybe an attempt to mobilise public attention,” Vatanka said.
Iranian officials have reportedly been told to stop using internet-connected or telecommunication devices to avoid further surveillance and disruptions. In a related episode last year, thousands of pagers used by Hezbollah exploded across Lebanon, injuring many.
On Saturday, Israel’s National Cyber Directorate advised its citizens abroad not to fill out suspicious forms online, citing efforts by Iranian hackers to gather intelligence. At the same time, Israeli officials say Iran is once again trying to hack into internet-connected cameras for espionage purposes.
John Hultquist, lead analyst at Google’s Threat Intelligence Group, posted on X that Iran frequently employs cyber tactics to exert psychological pressure. “I’m most concerned about cyber espionage against our leaders and surveillance aided by compromises in travel, hospitality, telecommunications, and other sectors,” he warned.