Cyber Escalation Between Iran and Israel: A Conflict Fought With Missiles and Malware
- David Bigger

- Jun 22
The Iran-Israel conflict has entered a dangerous new phase — one where cyberattacks are deployed alongside military strikes. Since mid-June 2025, both nations have ramped up physical and digital warfare, aiming to disrupt each other’s critical systems and morale.
Military Strikes Paired With Cyber Assaults
On June 16, missile and airstrikes between Israel and Iran resulted in significant casualties: 24 Israelis and at least 224 Iranians were reported killed. Iran claimed its most intense missile operation to date, while Israel responded by targeting key military and nuclear infrastructure.
At the same time, both countries have launched aggressive cyber campaigns. These aren’t just background operations — they’re timed to coincide with physical attacks, amplifying disruption and confusion.
Timeline of Events (June 2025)
| Date | Event |
|---|---|
| June 13 | Israel launches |
| June 13–17 | Surge in |
| June 16 | Iran responds with |
| June 16–17 | Cyberattacks ramp up. |
| June 17 | , pushing anti-government messaging. |
| June 18–Present | Cross-border cyberattacks continue daily. Experts warn of |
Hacktivists Fuel the Digital Fire
Cyber groups aligned with both sides have taken center stage.
Handala Hack Team, a pro-Iranian group, has carried out several “hack-and-leak” operations against Israeli organizations. Their attacks include data destruction, phishing campaigns, and the use of wiper malware.
Gonjeshke Darande (Predatory Sparrow), a pro-Israeli group, has claimed attacks that disrupted Bank Sepah and reportedly destroyed $90 million in assets from Iran’s largest crypto exchange, Nobitex.
These are not just symbolic defacements — these are precision attacks meant to cause financial, political, and psychological damage.
Iran’s State Media Hijacked
One of the more striking operations occurred when Iran’s state TV was hijacked mid-broadcast. Attackers inserted anti-government messaging and leaked footage that embarrassed leadership. Iran quickly blamed Israel, though attribution remains contested. The takeaway: even national media is now a target in this conflict.
Common Cyber Tactics Observed
Destructive malware (e.g., Handala Wiper)
Phishing and credential harvesting
Data exfiltration from financial and government networks
Denial-of-Service attacks (DDoS) on public-facing services
Disinformation campaigns, often timed with kinetic strikes
What Businesses Should Do Now
Whether you’re based in the U.S., Europe, or the Middle East — if you operate in critical sectors (finance, energy, communications, logistics, healthcare) — you’re in the blast radius of this digital fallout.
Here are key steps to take now:
Update Threat Intelligence Feeds
Prioritize monitoring of Iranian- and Israeli-aligned APTs and hacktivist activity.
Use sources like MISP, OTX, and commercial feeds to track TTPs in real time.
Reinforce Endpoint Defenses
Wiper malware is actively in use. Ensure EDR/XDR policies detect and isolate suspicious destructive behaviors.
Audit Remote Access and VPN Controls
Many attacks begin with phishing and credential theft. Lock down external access paths and rotate passwords/tokens.
Test Incident Response Plans
Simulate cyber events based on this conflict. Practice coordinated response across security, PR, and legal teams.
Engage with Sector ISACs
If you’re in food/agriculture, energy, healthcare, or defense, join your ISAC for situational updates and peer coordination.
Keep Stakeholders Informed
Board members, execs, and non-technical teams need briefings on emerging risks from cyber spillover tied to geopolitical events.
Final Thoughts
This isn’t cyberwar on paper anymore — this is live-fire hybrid warfare. As Israel and Iran trade blows, both in the skies and through fiber optics, private organizations are finding themselves squarely in the middle. Businesses that treat this as a wake-up call and fortify now will be in a far better position when the next wave hits.
Sources
Cyberattacks on Critical Infrastructure Raise Stakes | Axios
Insikt Group + Twitter (June 2025 open-source threat activity reporting)






