Analysis Summary

Cyberattacks and operations have become a regular feature of the geopolitical war as tensions in the Middle East keep rising. As Israel's military operations in Gaza began last week, the head of Israel's National Cyber Directorate blamed Iran and Hezbollah for assaults against the nation's networks, government offices, and commercial enterprises.

Data from a cybersecurity company indicates that numerous denial-of-service assaults affected Israeli targets after Quds Day, which is Iran's celebration of their pro-Palestinian Jerusalem Day on April 5. While the number of cyberattacks has decreased so far this year, cybersecurity experts believe that increased tensions between Israel, Iran, and Lebanon may easily spark an increase in cyber activity.

Generally, Iran and other regional cyber groups have demonstrated no restraint in their strikes, so Israel should brace itself for more devastating cyberattacks. Hacktivists will probably target any organization they believe to be connected to their perceived opponents, and Israeli-linked groups will probably continue to target Iran as long as Iran and Hezbollah seem prepared to launch devastating cyberattacks against both Israel and the United States.

When the Russian military targeted Ukraine with cyberattacks both before and during the invasion, and in the two years after the war began, it extensively assaulted the US and Ukraine's European allies. The nature of cyber warfare differs for the Middle East. The conflict's players have varying strengths and weaknesses, which limits their alternatives and exacerbates the asymmetry of cyber warfare. The Russian government is united in its goals, whereas Hamas and Iran are more opportunistic rivals. Israel has the most advanced cyber-offensive capabilities in the region, while Russia and Ukraine have comparable cyber capabilities. Israel's military operations have also hindered Hamas' ability to respond.

Although Iran is not a direct participant in the war, they maintain strong opposition to Israel, therefore their objectives do not necessarily align with Russia's strategy of endorsing territorial grabs. Since conventional weapons are not currently an outcome acceptable to Iran, they are using cyber to perform destructive operations.

In the context of the conflict, Iran has also been the target of disruptive cyber activities. Predatory Sparrow—which made a reappearance in October and targeted Iranian gas stations in December—has been blamed for several disruptive attacks on the country's infrastructure, which some analysts have connected to Israel.

There are other actors in the conflict besides nation-states. Hacktivism has surged in the last year as tech-savvy protesters respond to the wars in Russia and Ukraine as well as Israel and Hamas. Sharp increases in denial-of-service assaults indicate that hacktivism is mostly to blame for the surge in attack activity in Israel. Previously, the groups united under the moniker Anonymous, staking claim to the name and trying to recruit other groups to join them. These days, they recruit like-minded partners on Telegram using operation-specific hashtags, which is a far more effective way to operate.

It's conceivable that hacktivism will keep inspiring attacks against other nations in addition to Israel. Attacks are anticipated to intensify faster as nation-states standardize their tactics and hacktivists become more proficient at working together.