‘Multiple Undreported Attacks Rise: Iran’s Cyber Operations Expand Globally’

(SeaPRwire) –   While seeking safety from an Iranian missile barrage, several Android users in Israel were sent text messages containing links to supposed real-time bomb shelter data. However, the links actually installed spyware, granting hackers full access to the users’ cameras, locations, and personal files.

Attributed to Iranian actors, this operation demonstrated a high level of coordination and represents the latest development in a digital struggle involving the U.S., Israel, and Iranian-backed groups. As Iran utilizes cyber tools to offset its conventional military limitations, the conflict highlights how hacking, artificial intelligence, and disinformation have become central to modern warfare.

The fraudulent messages were timed to arrive exactly during the missile strikes, creating a rare synchronization of physical and digital aggression, according to Gil Messing, chief of staff at the cybersecurity firm Check Point Research.

“These were delivered to individuals as they were rushing to find safety,” Messing remarked. “The precise timing of this coordination is a first.”

Security experts believe this digital confrontation will persist regardless of any potential ceasefires. Cyber operations are significantly less expensive than traditional combat and are primarily intended to intimidate, spy, and steal rather than cause direct casualties.

Iranian-affiliated groups shift toward high-frequency, low-impact cyber strikes

While the volume of cyberattacks linked to the conflict is high, most have caused only minor damage to military or economic infrastructure. Nevertheless, they have forced many Israeli and American organizations to take defensive measures and address long-standing security gaps.

Researchers at the security firm DigiCert have identified nearly 5,800 cyberattacks carried out by approximately 50 groups connected to Iran. Although the U.S. and Israel are the primary targets, DigiCert also noted attacks on networks in Qatar, Kuwait, Bahrain, and other regional nations.

Many of these attempts are easily blocked by modern security protocols. However, they can still cause significant harm to entities with outdated defenses and consume valuable resources even when they fail.

Furthermore, there is a notable psychological strain on companies that support military operations.

“A significant number of attacks are occurring that never reach public reports,” stated Michael Smith, field chief technology officer at DigiCert.

Recently, a pro-Iranian hacking collective claimed to have accessed an account belonging to FBI Director Kash Patel, releasing old photographs, a resume, and other personal records that appeared to be over a decade old.

This incident mirrors many other Iranian-linked cyberattacks: they are often high-profile actions meant to boost the morale of supporters and rattle opponents without significantly impacting the actual war effort.

Smith noted that these frequent but low-damage attacks serve as a form of intimidation, signaling to people in other nations that they can be reached regardless of their location.

Focus on healthcare systems and data infrastructure

Iran is expected to target vulnerabilities in American cybersecurity, specifically focusing on supply chains, critical infrastructure like water plants and ports, and the healthcare sector.

Data centers are also being targeted through both physical and digital means, highlighting their essential role in military security, communications, and the broader economy.

This month, a group known as Handala, which supports Iran, claimed responsibility for a cyberattack on the medical technology firm Stryker. The group stated the move was a response to alleged U.S. strikes that resulted in the deaths of Iranian students.

Cybersecurity firm Halcyon recently detailed another attack on a healthcare organization. While the company was not named, Halcyon reported that hackers used Iranian-linked tools to deploy destructive ransomware that locked the organization out of its own systems.

The attackers did not ask for a ransom, indicating that their goal was to create chaos and destruction rather than seek financial gain.

Combined with the Stryker incident, this points to a specific focus on the medical industry rather than random targets, according to Cynthia Kaiser, senior vice president at Halcyon. She warned that such targeting is likely to increase as the conflict continues.

The influence of artificial intelligence is growing

AI is being used to increase the speed and scale of cyberattacks while allowing hackers to automate many of their processes.

However, AI’s most damaging impact has been in the realm of disinformation, where it erodes public confidence. Supporters on both sides have circulated fabricated images of military victories or atrocities. One deepfake depicting sunken U.S. warships has been viewed over 100 million times.

In Iran, authorities have restricted internet access and are using state media to control the narrative through propaganda. According to NewsGuard, Iranian state outlets have begun dismissing authentic war footage as fake while promoting their own manipulated images.

Concerns over AI and hacking led the State Department to establish the Bureau of Emerging Threats last year. This new office joins existing efforts by the National Security Agency and the Cybersecurity and Infrastructure Security Agency to address technological threats.

Director of National Intelligence Tulsi Gabbard recently informed Congress that AI also plays a crucial role in cyber defense by speeding up response times.

Gabbard noted that the technology will increasingly define cyber operations, with both attackers and defenders using these tools to enhance their efficiency.

While China and Russia are considered more significant cyber threats, Iran has still conducted several operations against U.S. targets. In recent years, Tehran-linked groups have breached the email systems of Donald Trump’s presidential campaign, targeted American water facilities, and attempted to infiltrate military networks. They have also used fake online personas to encourage domestic protests against Israel.