Are Israel and Iran already in a cyber war?

What if Israel responds with a modern-day Stuxnet cyberattack?

Welcome to the latest issue of The Breach Report, a cybersecurity newsletter from the creators of the Cybersecurity Careers Blog. Be sure to subscribe via email or RSS.

When kinetic attacks won’t suffice: could Israel and Iran escalate into a cyber war?

After hundreds of drones and rockets were launched from Iran earlier this month – the first-ever direct attack from Iran against Israel – the question on the world’s mind was how Israel would respond, and to what extent.

Israel responded by launching aerial attacks on Iran on April 18, but none were missiles. Some Israelis even criticized the attack as “weak.” However, retired U.S. Army Major General Mark MacCarley told CNN that he speculates the message was a warning to Iran.

“Israelis had to retaliate, but at the same time, within that retaliation was a message, and that is, ‘Yes, we can get through. Don’t do it again. If you do it again, then all heck will break out.’”

U.S. President Biden firmly states that the U.S. will not participate in retaliatory offensive strikes with Israel, as Biden seeks to avoid escalating the regional conflict into an all-out war.

The U.S. did, however, aid Israel in defending its territory from Iran’s drone and missile attacks, effectively stopping “99%” of the attack.

Recent days have shown a limited exchange of attacks between Iranian proxies and Israel. Still, the Israeli Defense Forces’ (IDF) northern command headquarters claimed “half of Hezbollah commanders in southern Lebanon were eliminated,” according to a CNN report.

A Hezbollah spokesperson denied the IDF claim, according to CNN.

Despite months of ongoing disruption, deadly attacks, and an unrecognizable Gaza, one fact remains: over 100 Israeli hostages remain in the hands of Hamas.

Israel may not be done sending a message to its enemies despite growing discontent within Israel and opposition to Prime Minister Benjamin Netanyahu’s far-right offensive.

Will Israel escalate with a modern-day Stuxnet cyberattack?

One way Israel may send a message to Iran and Hamas operations is with a strategic, targeted cyberattack.

But not just any cyberattack: it would need to be the equivalent of a cyber nuclear bomb in Tehran or a decapitating attack on Iranian critical infrastructure.

Israel and Iran have long had a fraught relationship, filled with covert operations and destructive cyberattacks. Lest we forget, Israel was instrumental in the creation and unleashing of Stuxnet against the Iranian Natanz nuclear complex.

The malware was unprecedented, attacking the facility’s Supervisory Control and Data Acquisition (SCADA) systems and Programmable Logic Controllers (PLCs). SCADA systems control, monitor, and analyze industrial devices and processes. PLCs are connected to industrial computers to control automated devices in various industries, including industrial manufacturing and critical infrastructure.

It is believed that Stuxnet delayed Iran’s nuclear program by several years. The cyberattack reportedly ruined almost one-fifth of Iran’s nuclear centrifuges. In the Natanz facility’s industrial control systems, the worm infected over 200,000 computers and caused 1,000 machines to degrade physically.

Israel could decide to reduce its increasingly controversial ground campaigns across Gaza and instead focus on cyberattacks against Iran to deny, disrupt, and degrade Iranian capabilities. Indeed, strategically targeted cyberattacks may be more destructive to Iran than kinetic weapon attacks launched past Iranian weapon defense systems.

The allure of Israel using a massive-scale or disruptive cyber weapon campaign against Iranian infrastructure would be to minimize human casualties and still send a bold message.

But in 2024, cyberattack fatigue has lessened the psychological and emotional response for both Israel and Iran. According to Charles Freilich, Israel's former deputy national security advisor, even a “Stuxnet 2.0” may not be perceived as escalatory or damaging enough.

For now, Iran and Israel exchange lower-profile cyberattacks

Many cyberattacks have been reported by Iran against Israel, with false claims of exaggerated destruction to Israeli and U.S. allies’ critical infrastructure, according to a February 2024 Google Threat Analysis Group (TAG) report.

Iran, North Korea, China, and pro-Palestinian hacker groups have accounted for extensive phishing campaigns against Israel and the U.S. in retaliation. Phishing targets include “Israeli and United States decision-makers, media, and NGOs (non-governmental organizations),” the report states.

Government-backed phishing cyberattacks targeting Israel. 80% originate or are tied to Iran, according to a Google Threat Analysis Group (TAG) report. (Source: Google)

Iran’s proxy, Hezbollah, also conducted cyber operations targeting Israel immediately following the October 7, 2023 attacks. ‘GREATRIFT,’ a Lebanon-based group likely linked to Hezbollah, took advantage of the surge in interest in emergency services immediately following the initial attack to impersonate legitimate Israeli services in phishing lures, demonstrating its agility to tailor the activity to current events rapidly.

Maybe Israel is already within Iran’s critical infrastructure

Reports of Iranian cyberattacks against Israel since October 7, 2023, are well-documented and reported by Western media. However, Israeli cyberattacks against Iran or Iranian proxies are much harder to find (here’s one).

But it doesn’t mean Israel hasn’t been retaliating with sophisticated cyberattacks and sophisticated cyber weapons.

Israel may be well embedded within Iranian cyber targets of its choosing, waiting for the right moment to strike. Like a good spy, they just may not have been detected yet.

Future attempts to conduct cyber espionage, spread disinformation, launch phishing campaigns, and infect critical infrastructure will undoubtedly persist in this conflict. As nation-states continue to utilize proxies for kinetic attacks, the same will be true for cyberattacks – further increasing the need for “all hands on deck” for defense.

Note: This post has been revised on April 27, 2024, for structure and clarity.

Until next time…

Rob Waters
The Breach Report + Cybersecurity Careers Blog