FRESH AIR

No increased Iranian cyberthreat to Israel

May 3, 2023 | Oved Lobel

Cyber

Despite worries of increased cooperation between Russia and Iran in cyberspace, to date there is no clear evidence that such cooperation has occurred. Moreover, there does not appear to be any clear indication that Iran’s ability to conduct sophisticated cyberattacks has improved recently, despite a series of cyber-attacks on Israel making headlines over the past two months.

The Wall Street Journal in March cited “people familiar with the matter” claiming that “Moscow has likely already shared with Iran more advanced software that would allow it to hack the phones and systems of dissidents and adversaries.” Similar reports emerged in March 2019, when Israel’s Channel 12 claimed that Russia had given Iran ‘zero-click exploits’ that Iran had allegedly used to hack the phone of Benny Gantz, then a candidate for prime minister. If those reports were even correct, there is no indication such exploits have been used since.

The idea of increased Russian involvement alongside Iran in attacks against Israel has been related to unsophisticated Distributed Denial-of-Service (DDoS) attacks on Israeli websites by “Anonymous Sudan”, which is reported to be a cover for the Russia-linked “Killnet” group. Whatever the case, the group seems to be very focused on annoying countries and organisations deemed hostile to either the Kremlin or Islam, and Israel is far from the only country targeted in its global DDoS campaigns.

However, these particular attacks by Anonymous Sudan were part of OpIsrael, a yearly campaign that has existed since 2013 for anti-Israel hackers across the world to launch occasionally mildly disruptive but nonetheless unsophisticated attacks against Israeli websites and organisations.

During the escalation between Israel and Gaza-based terrorist groups overnight, Anonymous Sudan claimed it had taken down so many Iron Dome missile defence alert systems that the group stopped it from intercepting all rockets fired. While Iron Dome’s intercept success rate was lower than usual, there is no evidence Anonymous Sudan had anything to do with it. Should it transpire that hackers can intervene during conflict to disrupt Iron Dome, that would indeed be worrisome – but there is no reason as yet to believe the group’s claims.

The group further claimed it was behind power outages across Israel and that it had “gained access to very sensitive data from the Israeli government,” which it “will leak in due time.” It also claimed it was targeting Israel’s internet. These claims are also entirely unsubstantiated.

A slightly more serious ransomware attack on Israel’s Technion Institute was conducted by Iran’s “MuddyWater” group in March, but did not severely impact operations and was also part of a global campaign. MuddyWater has previously conducted such ransomware attacks, including against Israeli institutions, such as its global “Operation Quicksand” campaign in 2020.

The only serious attempted cyberattack targeting Israeli infrastructure by Iran remains the April 2020 attempt against its water distribution network, although even there the sophistication and odds of success were contested, with one intelligence official describing the attack’s sophistication as “miserable”.

Another cyberattack targeting Israeli water infrastructure in early April this year damaged some water controllers and control systems of the Galil Sewage Corporation, though the attack has not been publicly attributed to Iran and coincided with OpIsrael and a general period of anti-Israel cyberattacks during the Muslim holy month of Ramadan. Israel had already warned of planned cyberattacks on those dates, so many farmers in the area had already turned off remote control for their irrigation systems.

Similar cyberattacks against water infrastructure occurred in July 2020, also not publicly attributed to Iran.

By and large, Iranian activity in cyberspace is focused primarily on propaganda and disinformation, and its hackers mostly rely on “social engineering” techniques, including fake profiles and websites and “typosquatting” links, to gather information. While some Iranian cyber actors have reportedly improved their hacking tools recently, the baseline is extremely low.

Despite the alleged doubling in cyberattacks against Israel in 2022 – to 200 a month from approximately 88 on average the year before – Iran for the time being remains, as AIJAC assessed in April 2022, more of a cybernuisance and is still incapable of posing a serious threat.

 

Tags: , , ,

RELATED ARTICLES

Screenshot 2025 06 27 At 4.03.57 pm

Weekend Hebrew media update: Gaza, Iran and Israel

Jun 27, 2025 | Featured, Fresh AIR
Targeted Israeli strikes in Teheran (Source: Heute.at)

Inside Israel’s strike on Iran: The intelligence coups that made it possible

Jun 27, 2025 | Featured, Fresh AIR
Screenshot 2025 06 25 At 6.06.49 pm

War Update: Operation Rising Lion – Were the goals achieved?

Jun 25, 2025 | Featured, Fresh AIR
Screenshot 2025 06 24 At 7.12.23 pm

War Update: Operation Rising Lion – Will the ceasefire hold?

Jun 24, 2025 | Featured, Fresh AIR
Screenshot 2025 06 23 At 7.53.42 pm

War Update: Operation Rising Lion – US joins the fight

Jun 23, 2025 | Featured, Fresh AIR
Screenshot 2025 06 19 At 6.54.53 pm

War Update: Operation Rising Lion – Soroka Hospital struck

Jun 19, 2025 | Featured, Fresh AIR
D11a774c 2a47 C987 F4ce 2d642e6d9c8d

Bibi in DC, the Houthi threat and the politicised ICJ opinion

Jul 26, 2024 | Update
Image: Shutterstock

Nine months after Oct. 7: Where Israel stands now

Jul 10, 2024 | Update
Palestinian Red Crescent workers from Al-Najjar Hospital in the city of Rafah, south of the Gaza Strip (Image: Shutterstock)

Hamas’ impossible casualty figures

Mar 28, 2024 | Update
455daec3 C2a8 8752 C215 B7bd062c6bbc

After the Israel-Hamas ceasefire for hostages deal

Nov 29, 2023 | Update
Screenshot of Hamas bodycam footage as terrorists approach an Israeli vehicle during the terror organisation's October 7, 2023 attack in southern Israel, released by the IDF and GPO (Screenshot)

Horror on Video / International Law and the Hamas War

Oct 31, 2023 | Update
Sderot, Israel. 7th Oct, 2023. Bodies of dead Israelis lie on the ground following the attacks of Hamas (Image: Ilia Yefimovich/dpa/Alamy Live News)

Israel’s Sept. 11, only worse

Oct 11, 2023 | Update
Screenshot

‘Optimism’ for Hamas to ‘exile’ their power and create a permanent ceasefire with Israel: Joel Burnie on Sky News

Jun 30, 2025 | Featured, Video
Screenshot

Australian government’s response to Iran-Israel conflict ‘disappointing’: Paul Rubenstein on Sky News

Jun 17, 2025 | Video
Screenshot

UNRWA feeds the ‘Palestinian delusion’ of no Jewish state: Dr Einat Wilf on Sky News

Jun 12, 2025 | Featured, Video
Screenshot 2025 05 30 At 11.22.09 AM

Albanese urged to visit Israel instead of ‘throwing mud’ over Gaza war: Joel Burnie on Sky News

May 30, 2025 | Featured, Video
Screenshot 2025 05 09 At 12.06.51 PM

The Australian elections and the Middle East: Joel Burnie on the Middle East Forum podcast

May 9, 2025 | Video
Screenshot 2025 05 07 At 9.28.49 AM

Greens ran a ‘toxic and divisive’ election campaign for Jewish voters: Joel Burnie on Sky News

May 7, 2025 | Featured, Video

RECENT POSTS

Iran Protests (52383779726)

After the ceasefire, we should not forget that Iran’s regime is a threat to everyone

Wissam Haddad in one of his online sermons (YouTube screenshot)

AIJAC welcomes finding of 18C breach by Islamic preacher Wissam Haddad

5xbO4 Hs

Honouring Dr Efraim Zuroff, renowned Nazi hunter

Screenshot

‘Optimism’ for Hamas to ‘exile’ their power and create a permanent ceasefire with Israel: Joel Burnie on Sky News

Image: Shutterstock

A ceasefire – but will the fire actually cease?

SORT BY TOPICS