The conflict between Israel and Iran is expanding beyond physical warfare into the cyber domain. Following the large-scale airstrike by Israel on the 13th, cyberattacks originating from Iran have surged, making the digital space a de facto 'second front.'
According to an analysis by Radware, a global cybersecurity corporation based in Israel, the attempts by Iranian hackers targeting major Israeli infrastructure have increased by over 700% compared to pre-strike levels.
The targets of the attacks range widely from the public alert system 'Tzofar' to private radio networks, energy corporations, and intelligence agency websites. The Iranian-linked hacker group 'Arabian Ghost' claimed to have shut down several radio stations the day after the airstrike, while 'Handala' announced it had stolen over 2 terabytes (TB) of data from energy corporations Delkol and Delek. There were also claims that the official website of the Israeli intelligence agency Mossad was temporarily incapacitated.
Radware analyzed that 'government-sponsored hacking groups from Iran, such as APT34 (OilRig) and APT39 (Remix Kitten), are engaged in operations for surveillance, espionage, and service disruption, and information warfare is also being carried out through AI-based botnets and fake social media accounts.' According to reports from Israeli local media on the 16th (local time), Iranian hackers hacked part of the air defense network to activate air raid sirens without a missile launch, resulting in millions of citizens having to evacuate. The Israeli military explained that 'there was no physical damage, but anxiety spread throughout society.'
The analysis indicates that Iran's strategy is focused more on disrupting public opinion and causing confusion rather than infrastructure destruction. Radware explained that 'Iran's effective military response capability is limited, and cyber operations are being seen as a more feasible realistic alternative,' noting that 'Iran is now more likely to respond through asymmetric strategies such as cyber warfare rather than physical retaliations.'
Israel is also known to be countering with an aggressive offensive strategy in cyber warfare. In particular, Israel is assessed as a nation possessing one of the world's highest levels of cyber capabilities, on par with the U.S. National Security Agency.
In September of last year, Mossad executed 'Operation Grim Beeper,' hacking the communication networks of Hezbollah across Lebanon to simultaneously explode thousands of pagers. This operation resulted in injuries to the Iranian ambassador to Lebanon and caused dozens of casualties. The cyber infiltration also tracked and assassinated Hezbollah Secretary-General Hassan Nasrallah and Southern Commander Ali Karaki.
An AI-based target tracking system named 'Habsora' was deployed for this operation. This system analyzes the target's daily movement patterns to build a 'target bank' and provides precise strike information in real time. The entity carrying out the operation is the 'Unit 8200,' an intelligence and cyber special forces unit of the Israel Defense Forces.
Unit 8200 performs roles similar to the U.S. NSA, responsible for signal intelligence collection, malware distribution, and digital assassination across the spectrum of cyber warfare. It is known that this unit disrupted Iranian nuclear facilities with the Stuxnet virus in 2010. In 2017, it hacked the Lebanese state telecommunications company Ogero, and in 2018, it successfully thwarted an attempted aerial terror attack by ISIS. At the end of last year, it was reported that the unit was operating a combat unit target bank using AI to gather the daily patterns of Hamas operatives.
Radware stated, 'This conflict marks a turning point where cyberspace has solidified its role not merely as an auxiliary means but as a substantial battlefield,' adding that 'the convergence of physical warfare and information warfare is deepening into a hybrid warfare model.'