How Espionage and Cyber Attacks Have Become Another Battleground Between Iran and 'Israel'

In a scene reflecting the sharp shift in the nature of future wars, the cyber confrontation between Iran and “Israel” has escalated in recent days, including arrests, hacking, and espionage, amid mutual accusations.

Iranian reports revealed that Tehran arrested more than 700 collaborators with “Israel” during the 12-day war between the two sides, and executed three of them on charges of espionage for Mossad.

Among the charges against the detainees were directing and monitoring suicide drones, manufacturing homemade bombs, photographing sensitive military sites, and sending information to the Israeli army.

Meanwhile, Israeli police announced the arrest of a young man in Tel Aviv on charges of carrying out missions for an Iranian entity. Israeli media also reported the arrest of a citizen from Haifa on suspicion of espionage for Iran.

These developments come as the recent Israeli-Iranian war has transcended its traditional military dimensions, particularly as each side has begun working to hack the other by any means possible.

Although missile attacks and airstrikes have already resulted in casualties on both sides, many believe the impact of a cyber war may be longer-lasting, given the paralysis it causes to vital state institutions without the sound of explosions or the smell of gunpowder.

Digital Outage

Since the start of the recent Israeli aggression against Iran, cyberspace has emerged as another battlefield for the confrontation between the two sides. 

The exchange of airstrikes was accompanied by electronic breaches targeting civilian, banking, and information infrastructure.

With the start of Israeli attacks on Iranian nuclear and military facilities on June 13, signs of a digital outage began to appear in Iran, according to global data monitoring reports.

In just three days, Iran recorded more than 6,700 distributed denial-of-service (DDoS) attacks, forcing it to take drastic and unusual measures.

By June 17, Iranian authorities announced a comprehensive and temporary internet restriction in the country, while NetBlocks monitored a 90% drop in internet connectivity in Iran. 

The Iranian Ministry of Communications explained that this decision was taken in light of the exploitation of the national telecommunications network for military purposes.

However, human rights organizations considered it a systematic policy to isolate the Iranian people and prevent the leaking of images of the bombing, destruction, and casualties.

The Iranian Cyber Security Command had previously announced a ban on officials and their entourage from using any devices connected to electronic networks, such as smartphones, smart watches, or laptops.

It also called on citizens to reduce the use of internet-connected smart devices and take the necessary precautions.

On June 18, an official media campaign in Iran escalated calling for the deletion of WhatsApp, alleging its links to Israeli intelligence services.

Meta, the company that owns WhatsApp, denied these accusations, stressing that the end-to-end encryption system does not allow any third party to view the content of messages exchanged via the app, and that it does not hand over user data to governments.

It's worth noting that WhatsApp is not completely immune, especially after Israeli high-tech and software company NSO was fined $167 million last month for hacking the WhatsApp accounts of 1,400 people, including activists and journalists, in 2019.

Iranian Operations

The Jerusalem Post quoted cyber security firm Radware as saying there had been a 700% increase in malicious activity in just two days, linked to cyber operations launched by Iranian hacker groups, most notably the Cyber Avengers group.

These operations targeted vital Israeli digital infrastructure, including radio broadcasting systems and government servers, with reports that one of them succeeded in temporarily disrupting Israeli radio stations.

Iranian cyber activities have not been limited to direct technical intrusions. They have also been accompanied by disinformation campaigns targeting the Israeli home front, in an attempt to create widespread psychological and social confusion.

According to “Israel”-based Check Point Software Technologies, Iranian-linked actors launched several disinformation campaigns in “Israel”. 

One such campaign involved a text message sent to thousands of Israelis warning that fuel supplies would be halted at gas stations for 24 hours.

Another message falsely warned of a possible terrorist attack at a bomb shelter, urging residents to avoid the area. 

Both messages were crafted to appear as if they came from Israel's Home Front Command, but were in fact fake.

In a notable development in the escalating cyber war between Iran and “Israel”, an Iranian attempt to target Unit 8200, one of the most prominent technical intelligence units in the Israeli military, has been documented.

This unit is responsible for developing and executing advanced cyber operations, as well as integrating artificial intelligence (AI) technologies into intelligence analysis and military decision-making.

In another context, Bloomberg reported that Iran had succeeded in hacking into home surveillance cameras across “Israel”, a development experts described as dangerous.

These cameras, which were documenting real-time events on the ground in “Israel”, have become a direct source for Iran to obtain information that helps it guide its missiles and drones with pinpoint accuracy.

According to this report, this Iranian move once again highlights the vulnerability of security cameras, which have previously been exploited in international conflicts.

Bloomberg quoted a spokesperson for Israel's Cyber Security Authority as saying that Iran is increasingly seeking to use internet-connected cameras for intelligence gathering and military planning purposes.

Israeli Hacking

In contrast, the Jerusalem Post has also documented numerous Israeli cyberattacks on Iranian infrastructure, primarily focused on Tehran's financial sector.

On June 17, an Israeli hacker group called Predatory Sparrow claimed responsibility for a cyberattack on Iran's Bank Sepah, one of the country's largest state-owned financial institutions, causing widespread outages.

In a parallel development, the same group announced another attack the following day targeting Nobitex, Iran's largest cryptocurrency exchange.

According to reports, the cryptocurrency exchange was hacked, resulting in the theft of the equivalent of $90 million, prompting it to suspend its services as a precautionary measure.

Hundreds of gas stations in Iranian cities also suffered a sudden outage, also claimed by Predatory Sparrow, in a cryptic message described as an Israeli cyber response to Iranian threats.

Iranian media also reported that “Israel” briefly hacked state television, showing footage of previous protests and urging residents to take to the streets.

The cyber attacks linked to “Israel” sought to disrupt financial transactions, making life more difficult for Iranians, and coincided with statements by Israeli officials calling on Iranians to revolt against the regime.

Observers believe this strategy highlights how “Israel” uses its cyber attacks to achieve political goals, alongside their use as part of its military strategy.

It is worth noting that for at least two decades, “Israel” has been keen to integrate cyber attacks into its warfare, as well as to precisely target them to achieve actual military objectives.

Cyber Attacks 

On a related note, the mutual cyber attacks between “Israel” and Iran highlight the growing digital capabilities of both sides, with cyber war becoming a key component of both defense and offensive strategies.

“Israel”, which possesses a sophisticated technological infrastructure and close cooperation with major technology companies, has successfully carried out cyber attacks targeting vital facilities inside Iran, including nuclear facilities and financial institutions.

The significance of these attacks lies in their ability to cause widespread disruption to infrastructure from within, without the need to deploy conventional military units. This reflects a growing trend toward employing cyber tools to achieve strategic goals at the lowest possible cost on the ground.

Iran has also significantly developed its cyber capabilities, relying on advanced hacker groups to carry out complex espionage operations and target the electronic systems of hostile countries, particularly “Israel”.

Iranian cyber attacks also include means to gather vital intelligence related to Israel's nuclear program and cooperation between Western countries and “Israel”.

At the same time, Iran has demonstrated its ability to launch large-scale attacks on banking and commercial systems to undermine the economic stability of targeted countries.

These reciprocal attacks demonstrate an escalation in the level of cyber war between the two countries, as each side focuses on enhancing its digital capabilities to ensure superiority in this vital field.

In late May, the Shin Bet and Israel's Cyber Directorate revealed that Israeli defenses had thwarted 85 Iranian cyber attacks since the beginning of 2025, targeting military officials, politicians, journalists, and academics.

The Iranian-Israeli cyber war began in 2010 when the Stuxnet virus struck Iran's Natanz nuclear facility, causing severe damage to nearly 1,000 centrifuges used for uranium enrichment.

This attack was not merely a simple act of cyber sabotage; it was widely considered the first effective cyber weapon in modern history, particularly since it used software as a weapon with a tangible impact on the physical infrastructure of a sovereign state, without a single bullet being fired.

Since then, the cyber war between Tehran and Tel Aviv has not stopped, and their relationship has evolved into a continuous digital shadow war, targeting everything that can be disrupted, from vital infrastructure to financial systems, government institutions, and energy, transportation, and water networks.