Iran has intensified its cyber operations against the United States, Israel, and their allies, in a context of growing geopolitical tension in the Middle East. Cybersecurity experts such as Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency (CISA), have warned that Tehran is deploying an increasingly sophisticated and coordinated cyber ecosystem.
In the first months of 2024 and 2025, multiple influence campaigns and hybrid attacks were detected. In Israel, for example, fraudulent SMS (smishing) campaigns (https://www.aurora-israel.co.il/en/alerta-en-israel-por-mensajes-falsos-que-buscan-robar-datos-personales-en-plena-guerra/) were reported that imitated emergency alerts or missile warnings in order to generate panic and collect personal data. This type of operation fits within Iran’s digital psychological warfare strategy.
Analysts agree that Iran’s cyber apparatus is structured in three main levels:
- State actors: directly linked to the Islamic Revolutionary Guard Corps (IRGC) (https://en.wikipedia.org/wiki/Islamic_Revolutionary_Guard_Corps) and the Ministry of Intelligence.
- Proxy groups or contractors: semi-autonomous collectives that operate with a certain degree of independence but aligned with state interests.
- Ideological hacktivists: volunteer groups that support geopolitical causes aligned with Iran.
What are state actors? They are cyber units directly linked to the Islamic Revolutionary Guard Corps (IRGC) and Iran’s Ministry of Intelligence. They operate with resources, funding, and objectives defined by the state, carrying out espionage, sabotage, and influence operations aligned with the country’s geopolitical strategy. They are often behind more sophisticated and coordinated attacks, including intrusions into critical infrastructure and long-term covert operations.
What are proxy groups or contractors? These are semi-autonomous collectives that are not officially part of the state apparatus but operate in alignment with its interests. These groups may receive indirect support, funding, or simply act as plausibly deniable extensions of the state, allowing Iran to maintain some distance from potential retaliation. Their activities include phishing campaigns, targeted attacks on organizations, and disinformation operations.
What are ideological hacktivists? These are groups or individuals who act voluntarily, motivated by political, religious, or ideological alignment with Iran. They do not necessarily have formal ties to the government but contribute to the attack ecosystem through actions such as website defacement, data leaks, or social media campaigns. Although they tend to have lower technical sophistication, their volume and speed make them a relevant component of digital warfare.
Among the most active groups are collectives such as APT33, APT34 (OilRig), and APT35 (Charming Kitten), widely documented by companies like Microsoft and CrowdStrike.
Recent notable operations
Operations attributed to Iranian actors include:
- Disinformation campaigns targeting Western and Israeli audiences.
- Phishing and spear-phishing attacks against government officials.
- Doxxing of employees linked to defense sectors in Israel.
- Intrusions into critical infrastructure and research centers in Eastern Europe.
What is Spear-Phishing?
Spear-phishing (https://www.arsys.es/blog/spear-phishing) is a cyberattack technique that consists of sending highly personalized fraudulent messages to a specific individual or group, with the aim of tricking them into revealing confidential information or performing a compromising action. Unlike traditional phishing, which is sent in bulk and is generic, spear-phishing relies on prior research about the victim. The attacker gathers information such as name, company, role, or known contacts, and uses it to craft credible messages that appear to come from a trusted source, such as a boss, colleague, or supplier. The goal is usually for the victim to click on a malicious link, download an infected file, or provide login credentials. Because of its level of personalization, this type of attack is harder to detect and has a higher success rate, and it is common in espionage campaigns, business fraud, and targeted cyberattacks.
In Albania, for example, Iran was formally accused of the cyberattack that affected government systems in 2022, which led to the breakdown of diplomatic relations between the two countries. This case was widely attributed to actors linked to the Iranian state.
In terms of more aggressive operations, some groups such as “Handala” have been associated with destructive campaigns and digital sabotage. However, claims such as the “deletion of 200,000 devices” should be treated with caution, as there is no public consensus or solid confirmation of that magnitude in verified open sources.
Geopolitical context and evolution
Cyber activity between Iran, Israel, and the United States is not new. It is part of a prolonged conflict that includes episodes such as:
- The Stuxnet attack (https://www.bbc.com/mundo/noticias/2015/10/151007_iwonder_finde_tecnologia_virus_stuxnet), considered one of the first cyberattacks on critical infrastructure.
- Ongoing industrial and military espionage operations.
- Influence campaigns on social media.
What has changed in recent years is the scale, coordination, and diversity of tactics. Iran has moved from relatively simple operations to complex campaigns that combine:
- Technical cyberattacks
- Information warfare
- Psychological operations
- Use of artificial intelligence to amplify impact
War is no longer fought only on the physical battlefield. Today, a simple SMS message can become a weapon capable of spreading fear, manipulating perceptions, and compromising entire systems. Iran’s case demonstrates that the future of conflicts lies in the control of the digital space, where information, disinformation, and user trust have become top strategic targets.