FRESH AIR

No increased Iranian cyberthreat to Israel

May 3, 2023 | Oved Lobel

Cyber

Despite worries of increased cooperation between Russia and Iran in cyberspace, to date there is no clear evidence that such cooperation has occurred. Moreover, there does not appear to be any clear indication that Iran’s ability to conduct sophisticated cyberattacks has improved recently, despite a series of cyber-attacks on Israel making headlines over the past two months.

The Wall Street Journal in March cited “people familiar with the matter” claiming that “Moscow has likely already shared with Iran more advanced software that would allow it to hack the phones and systems of dissidents and adversaries.” Similar reports emerged in March 2019, when Israel’s Channel 12 claimed that Russia had given Iran ‘zero-click exploits’ that Iran had allegedly used to hack the phone of Benny Gantz, then a candidate for prime minister. If those reports were even correct, there is no indication such exploits have been used since.

The idea of increased Russian involvement alongside Iran in attacks against Israel has been related to unsophisticated Distributed Denial-of-Service (DDoS) attacks on Israeli websites by “Anonymous Sudan”, which is reported to be a cover for the Russia-linked “Killnet” group. Whatever the case, the group seems to be very focused on annoying countries and organisations deemed hostile to either the Kremlin or Islam, and Israel is far from the only country targeted in its global DDoS campaigns.

However, these particular attacks by Anonymous Sudan were part of OpIsrael, a yearly campaign that has existed since 2013 for anti-Israel hackers across the world to launch occasionally mildly disruptive but nonetheless unsophisticated attacks against Israeli websites and organisations.

During the escalation between Israel and Gaza-based terrorist groups overnight, Anonymous Sudan claimed it had taken down so many Iron Dome missile defence alert systems that the group stopped it from intercepting all rockets fired. While Iron Dome’s intercept success rate was lower than usual, there is no evidence Anonymous Sudan had anything to do with it. Should it transpire that hackers can intervene during conflict to disrupt Iron Dome, that would indeed be worrisome – but there is no reason as yet to believe the group’s claims.

The group further claimed it was behind power outages across Israel and that it had “gained access to very sensitive data from the Israeli government,” which it “will leak in due time.” It also claimed it was targeting Israel’s internet. These claims are also entirely unsubstantiated.

A slightly more serious ransomware attack on Israel’s Technion Institute was conducted by Iran’s “MuddyWater” group in March, but did not severely impact operations and was also part of a global campaign. MuddyWater has previously conducted such ransomware attacks, including against Israeli institutions, such as its global “Operation Quicksand” campaign in 2020.

The only serious attempted cyberattack targeting Israeli infrastructure by Iran remains the April 2020 attempt against its water distribution network, although even there the sophistication and odds of success were contested, with one intelligence official describing the attack’s sophistication as “miserable”.

Another cyberattack targeting Israeli water infrastructure in early April this year damaged some water controllers and control systems of the Galil Sewage Corporation, though the attack has not been publicly attributed to Iran and coincided with OpIsrael and a general period of anti-Israel cyberattacks during the Muslim holy month of Ramadan. Israel had already warned of planned cyberattacks on those dates, so many farmers in the area had already turned off remote control for their irrigation systems.

Similar cyberattacks against water infrastructure occurred in July 2020, also not publicly attributed to Iran.

By and large, Iranian activity in cyberspace is focused primarily on propaganda and disinformation, and its hackers mostly rely on “social engineering” techniques, including fake profiles and websites and “typosquatting” links, to gather information. While some Iranian cyber actors have reportedly improved their hacking tools recently, the baseline is extremely low.

Despite the alleged doubling in cyberattacks against Israel in 2022 – to 200 a month from approximately 88 on average the year before – Iran for the time being remains, as AIJAC assessed in April 2022, more of a cybernuisance and is still incapable of posing a serious threat.

 

Tags: , , ,

RELATED ARTICLES

Image: Shutterstock

China could be the key to the success of the renewed “snapback sanctions” on Iran

Oct 3, 2025 | Featured, Fresh AIR
Palestinian Authority President Mahmoud Abbas (Image: UN Photo)

Abbas said some positive sounding things in UN speech – pity they are so far-fetched

Sep 30, 2025 | Featured, Fresh AIR
Image: Shutterstock

Media Matters: The ABC’s blind spot

Aug 17, 2025 | Fresh AIR
Fighters and military vehicles belonging to Syrian government forces intervene in the city of Sweida to enforce a ceasefire between Druze factions and Bedouin tribes. Syria, July 20, 2025 (Image: Shutterstock)

Druze crisis tested Israel’s Syria strategy

Jul 31, 2025 | Featured, Fresh AIR
Image: Shutterstock

Media Matters: Smoke and Ire over IHRA

Jul 30, 2025 | Featured, Fresh AIR
President Bill Clinton walks Prime Minister Ehud Barak of Israel and Yasser Arafat of the Palestinian Authority at Camp David, Maryland, July 2000 (Image: Wikipedia)

The silver anniversary of the silver bullet

Jul 29, 2025 | Featured, Fresh AIR
D11a774c 2a47 C987 F4ce 2d642e6d9c8d

Bibi in DC, the Houthi threat and the politicised ICJ opinion

Jul 26, 2024 | Update
Image: Shutterstock

Nine months after Oct. 7: Where Israel stands now

Jul 10, 2024 | Update
Palestinian Red Crescent workers from Al-Najjar Hospital in the city of Rafah, south of the Gaza Strip (Image: Shutterstock)

Hamas’ impossible casualty figures

Mar 28, 2024 | Update
455daec3 C2a8 8752 C215 B7bd062c6bbc

After the Israel-Hamas ceasefire for hostages deal

Nov 29, 2023 | Update
Screenshot of Hamas bodycam footage as terrorists approach an Israeli vehicle during the terror organisation's October 7, 2023 attack in southern Israel, released by the IDF and GPO (Screenshot)

Horror on Video / International Law and the Hamas War

Oct 31, 2023 | Update
Sderot, Israel. 7th Oct, 2023. Bodies of dead Israelis lie on the ground following the attacks of Hamas (Image: Ilia Yefimovich/dpa/Alamy Live News)

Israel’s Sept. 11, only worse

Oct 11, 2023 | Update
Screenshot 2025 10 08 At 9.38.18 am

“It’s a very tough day for Jews worldwide”: Joel Burnie on Sky News

Oct 8, 2025 | Video
Screenshot 2025 10 08 At 9.39.06 am

Antisemitic graffiti on October 7 anniversary “deeply saddening”: Joel Burnie on Sky News

Oct 8, 2025 | Featured, Video
Screenshot 2025 10 07 At 1.16.10 pm

A terrible two years for the Australian Jewish community: Bren Carlill on Sky News

Oct 8, 2025 | Featured, Video
Screenshot

Cautious hope in Israel for Gaza conflict deal: Joel Burnie on Sky News

Oct 5, 2025 | Featured, Video
Screenshot

Protesters should support Gaza ceasefire plan: Joel Burnie on Sky News

Oct 4, 2025 | Video
Screenshot

Antisemitism “a toxin festering through the violent rhetoric on our streets”: Joel Burnie on Sky News

Oct 3, 2025 | Featured, Video

RECENT POSTS

President Trump with his Middle East envoy Steve Witkoff (Image: Whitehouse.gov)

Will Trump’s plan give peace a chance in Gaza?

Leeser Burns

AIJAC congratulates MPs Josh Burns and Julian Leeser on the McKinnon Prize

Celebration in Hostage Square, Tel Aviv (Image: Dana Reany/ X)

Good news, but the world must make sure Hamas falls in line

The infamous scenes outside the Sydney opera House, October 2023 (Screenshot)

AIJAC applauds NSW Court of Appeal decision to block Oct. 7 celebration at the Opera House

Image: Shutterstock

AIJAC welcomes news of agreement on first phase of Israel-Hamas peace plan

SORT BY TOPICS