Following the initial invasion of Israel by the Hamas militant organisation on 7th October 2023, which was also known as ‘Operation Al-Aqsa Flood’, Iranian state-aligned threat actors launched a series of cyber operations to support their “Shadow War” against Israel. This has primarily involved targeting Israeli government entities and critical national infrastructure (CNI), as well as its geopolitical allies and business affiliates.

In short, Israel became the primary target of a suite of cyberwarfare tactics involving a combination of destructive cyber-attacks and influence operations (IO) which Iran implemented in a multi-phased approach, impacting both public and private sector entities.

Iran’s cyber operation trends

Since the Hamas incursion, the Quorum Cyber Threat Intelligence team has detected the following trends relating to Tehran-aligned cyberattacks and IO.

Cyber-attacks

  • A shift towards a more proactive operational approach against Israeli entities as opposed to the reactive posture that was adopted following the initial Hamas invasion.
  • A surge in coordinated Iranian advanced persistent threat (APT) unit activity within Israel throughout Q4 2023 – Q1 2024.
  • An expanded scope and enhanced sophistication of offensive cyber operations targeting regions perceived to be supportive of Israel, such as Albania, Bahrain, the UAE and the US.
  • Iranian state-sponsored ransomware deployment against Israeli CNI and military assets.
  • Iranian APT unit targeting Middle Eastern affairs experts in the Western education sector.

Influence operations

  • A surge in cyber-enabled IO with misleading claims regarding overall impact on target entities.
  • Iranian state-aligned IO, launched by Cotton Sandstorm, masquerading as Tehran’s allies, including the Izz ad-Din al-Qassam Brigades (IQB) Hamas military division.
  • The use of artificial intelligence (AI) through social media to manipulate Israeli citizens into engaging in on-the-ground activities.
  • Psychological warfare using short message service (SMS) and email delivery to exaggerate the claims of Tehran-aligned cyber operations.

Iran’s campaign of cyber-attacks and operations began on 18th October 2023 and continues today.

Targeting Timeline 

The following timeline outlines significant cyber operations that have been launched in alignment with the ongoing Middle East conflict.