During last month’s 12-day war between Israel and Iran, a parallel and less visible war was raging in cyberspace, with Iran launching dozens of attacks against Israeli targets.
According to a report by Israel’s Army Radio earlier this month, the cyber campaign was marked by a clear pattern: while Iran achieved some “local successes” against soft targets like Israeli civilian companies, it failed in its primary objectives of penetrating military networks or disrupting the IDF Home Front Command’s life-saving missile alert systems.
Iranian cyber units reportedly focused on the “supply chain” by targeting civilian contractors and subcontractors that provide various services to the defense establishment. The goal was to disrupt the IDF’s operational continuity or steal information from these more vulnerable civilian networks. Despite these attempts, no significant damage was caused to the IDF’s functioning, according to the report, which cited a senior security official.
The report also revealed that Iran’s most high-stakes target was the Home Front Command’s systems. A successful attack could have had far-reaching consequences, such as neutralizing missile alerts for civilians. However, every one of these attempts failed, and the Home Front Command’s systems functioned fully throughout the entire campaign.
Israel’s security bodies—the IDF, Israel Security Agency (Shin Bet) and the National Cyber Directorate—offered assistance to the targeted companies, in some cases sending soldiers from the IDF’s cyber defense brigade into their systems to handle the Iranian attacks and “raise their walls.”
Shay Nachum, a former head of the cyber security branch in the IDF’s C4I and Cyber Security Directorate and winner of the Israel Defense Award, provided a deeper strategic analysis of the cyber conflict with Iran, and warned against underestimating Iranian cyber threats.
“Iran is like an octopus with many arms, both in the cybernetic and kinetic aspects,” Nachum, now the CEO of the Cyght cybersecurity company, told JNS on Tuesday. “And when you annoy this octopus—and we did cut off its arms and hurt it—the head still exists. Therefore, with all that, even though the advantage is currently with us, we must be very, very careful that it doesn’t regrow these arms and surprise us in places we are not prepared for … the cyber dimension is a dimension of shadows, and it is relatively easy to be surprised in new areas.”
Nachum noted that Iranian-affiliated hacking groups, such as “Handala” and “Cyber Toufan,” have a strategy of making “noise” by publicly releasing stolen documents to create a psychological effect. Throughout the recent war, these groups claimed responsibility for numerous attacks on Israeli companies. “They know where they want to go, and they are advancing there,” said Nachum. “And they constantly make sure we know they are heading in that direction.”
He explained that the cyber war did not stop with the kinetic ceasefire. However, he assessed that the effectiveness of Iran’s cyber efforts during the 12 days of fighting was significantly hampered not only by Israeli cyber defenses, but also by Israel’s successful conventional strikes.
“In this specific war, there was an expectation for [cyber-fueled] chaos and a catastrophe, but the Iranians did not succeed as they wanted,” Nachum stated. “In the end, the physical attacks disrupted their command and control, with all the generals who were killed. It was very difficult for them to carry out cyber moves because Israel hit them in terms of very senior people and knowledge centers. It is much harder to launch an attack in this domain when extremely senior people are killed.”
Israel’s offensive cyber history, including the Stuxnet virus that was discovered around 2010 sabotaging Iranian uranium enrichment activities in Natanz, shows how deep Israeli capabilities run.
At the same time, Nachum cautioned that Iran has been working tirelessly to close the technological gap ever since Stuxnet. He said their ultimate strategic goal is to penetrate Israel’s most sensitive targets.
“It is clear to all of us that Iran is trying to get to the critical infrastructure,” he said, naming the cyber divisions of the Iranian Islamic Revolutionary Guards Corps and the Iran Ministry of Intelligence and Security as the primary cyber adversaries.
“Iran wants to get to the areas of Israel’s electric company, and it wants to get to the sensitive institutions and people, whether in all the security systems or the defense industries. They want to be there. That is their strategic axis … and they are constantly making efforts to get there,” he said, noting that “they also had successes.”
The recent war, he added, was a wake-up call for Tehran, and the Iranians will only intensify their efforts in cyberspace. “They are working hard on it to arrive at the next campaign in a much deeper and better way,” said Nachum.
He also assessed that Israel’s own cyber intelligence played an important role in Israel’s ability to strike so many high-quality targets during the June war with Iran.
“The ability to take down so many targets simultaneously is really a breakthrough, and of course, this information also came from intelligence and cyber,” he said. “We saw that with the Iranian nuclear scientists, it didn’t matter where they went in the end, they received a missile. Even in their hideout apartments, and underground. Ultimately, to deliver this information so quickly and accurately, and in such high volume, is truly a breakthrough in capabilities.”
Source: JNS