Iran-Israel Cyber Conflict: An In-Depth Analysis of Threat Actors and Cyber Operations
The cyber battlefield between Iran and Israel has escalated into a persistent, multi-dimensional conflict targeting national infrastructure, defense assets, and civilian digital ecosystems. This post analyzes key threat actors, their tactics, and the strategic implications of their operations.
The primary goal is to present a comprehensive view of the motivations, capabilities, and activities of cyber groups aligned with both countries, while assessing their broader impact on national security, critical services, and public morale.
Iranian Threat Actor Activity
Mr Hamza – Disrupting Israel’s Defense Sector
Primary Tactic: DDoS Attacks
Notable Targets:
- Emtan Karmiel Ltd. (emtan.co.il) – Israeli security and defense systems
- Israel Aerospace Industries (IAI) (iai.co.il) – Key military aerospace manufacturer
- Elbit Systems (elbitsystems.com) – Defense electronics supplier
- Rafael Advanced Defense Systems (rafael.co.il) – Missile and military tech developer
Impact: Mr Hamza has successfully disrupted multiple high-profile defense contractors, temporarily taking down websites and causing operational delays. Their attacks align with Iran’s strategy to weaken Israel’s military-industrial complex.
Cyber Jihad Movement – Targeting Israeli Telecom
Primary Tactic: DDoS Attacks
Notable Targets:
- Pelephone (pelephone.co.il) – Major Israeli mobile provider
- Partner Communications (partner.co.il) – Leading telecom company
Impact: These attacks caused widespread network disruptions, affecting communication services across Israel. The group’s focus on telecom suggests an intent to destabilize civilian and possibly military communications.
GARUDA ERROR SYSTEM – Travel Sector Disruption
Primary Tactic: DDoS Attacks
Notable Target:
- ukguide.co.il – Israeli travel and tourism site
Impact: The attack rendered the website inaccessible, likely aiming to harm Israel’s tourism economy and create public frustration.
Wearerootsec – Chemical Industry Sabotage
Primary Tactic: DDoS Attacks
Notable Target:
- Shalon Chemical Industries (shalon.co.il) – Producer of industrial and agricultural chemicals
Impact: The attack disrupted access to the company’s website, potentially affecting business operations and supply chain communications.
Red Wolf Cyber Team – IT Services Disruption
Primary Tactic: DDoS Attacks
Notable Target:
- Running Systems (run.tournament.org.il) – IT and software services provider
Impact: The attack temporarily disabled services, demonstrating how even non-military IT infrastructure is a target in this cyber war.
Inteid – Transportation Sector Attacks
Primary Tactic: DDoS Attacks
Notable Target:
- CITYRIDE (cityride.co.il) – Israeli ride-sharing service
Impact: The disruption likely caused delays for commuters, showcasing how cyberattacks can have real-world consequences on daily life.

Arabian Ghosts – Media Disinformation Campaign
Primary Tactic: DDoS Attacks
Notable Target:
- Israel News (israelnews.co.il)
Impact: By targeting media, the group aimed to control narratives, spread fear, and limit access to information during heightened tensions.
Unknowns Cyber Team – Healthcare & Travel Disruptions
Primary Tactic: DDoS Attacks
Notable Targets:
- Round The World Ltd. (rtw.co.il) – Travel agency
- Israeli Hospitals Association (israelihospitals.org.il)
Impact: Attacking healthcare and travel services indicates a strategy to maximize civilian disruption, not just military or government systems.
Moroccan Black Cyber Army – Financial Sector Attacks
Primary Tactic: DDoS Attacks
Notable Target:
- GMT – Global Money Transfers (gmtonline.co.il)
Impact: Disrupting financial services could hinder transactions, damage trust in Israeli banking, and create economic instability.
DieNet – Psychological Warfare & Data Leaks
Primary Tactics: DDoS + Data Leaks
Notable Attacks:
- 103FM Radio – Took the station offline, declaring: “Zionist radio is below our attacks until Iran’s missile strikes end.”
- BeatBox Karaoke Chain – Leaked 61,000 customer files (June 2025)
Impact: Beyond service disruption, DieNet engages in psychological operations, using cyberattacks to amplify fear during real-world conflicts.

APTIran – High-Profile Data Breaches
Primary Tactics: Data Leaks + Cyber Espionage
Notable Attacks:
- Leaked 300+ Israeli phone numbers (June 2025)
- Claimed breach of Iron Dome data
- Released a 62.6 MB video showing attacks on defense firms (Israel Aerospace Industries, Elbit Systems, etc.)
Impact: APTIran’s operations suggest deep intrusions into sensitive systems, posing severe national security risks for Israel.

GoldenFalcon Team – Military Intelligence Gathering
Primary Tactic: Cyber Espionage
Notable Operation:
- Exposed an alleged Iron Dome site via satellite imagery (June 2025)
Impact: By revealing military locations, this group aids physical targeting strategies, blurring the line between cyber and kinetic warfare.

These pro-Iran groups employ a mix of DDoS attacks, data leaks, defacements, and psychological operations to destabilize Israel. Their targets span military, government, finance, media, and civilian infrastructure, indicating a hybrid warfare approach.
As Iran-Israel tensions persist, these cyber campaigns will likely intensify, making cybersecurity defense a critical priority for governments and businesses in the region.
Israeli Threat Actor Activity
While Iranian hacking groups have been highly active in targeting Israeli infrastructure, several cyber collectives have emerged in support of Israel, engaging in counter-cyber operations, retaliatory attacks, and defensive actions against Iranian-linked threats. Below is an analysis of the key pro-Israel cyber actors and their activities.
Gonjeshke Darande – Disrupting Iranian Financial Networks
Primary Tactic: Data Breaches & Leaks
Notable Attack:
- Nobitex Cryptocurrency Exchange – In June 2025, the group claimed to have leaked Nobitex’s source code and internal data, alleging that the platform was used for Iranian terror financing.
Impact:
- Disrupted a major Iranian crypto exchange, potentially affecting Tehran’s ability to bypass sanctions.
- Demonstrated Israel’s capability to strike back in the cyber domain with precision.

Anonymous Israel – Defensive & Retaliatory Cyber Operations
Primary Tactics: DDoS, Monitoring, Counter-Hacking
Activities:
- Engages in defensive cyber actions to protect Israeli networks.
- Unconfirmed reports suggest retaliatory DDoS attacks against pro-Iran groups.
- Likely involved in monitoring and infiltrating Iranian-aligned hacker channels.
Impact:
- Acts as a cyber militia, countering Iranian threats in real time.
- Helps mitigate disruptions caused by pro-Iran hacking campaigns.
Garuna Ops – Offensive Cyber Counterstrikes
Primary Tactic: Counter-Attacks on Pro-Iran Targets
Activities:
- Conducts offensive cyber operations against Iranian-linked entities.
- Limited public details, but Telegram channels suggest coordinated strikes on Iranian propaganda and hacking infrastructure.
Impact:
- Likely disrupts Iranian cyber operations by targeting their communication and attack infrastructure.
- Serves as a deterrent against further Iranian cyber aggression.
Conclusion
The digital battlefield between Iran and Israel has become increasingly active, with cyber operations now complementing traditional geopolitical conflicts. This shadow war involves numerous hacking collectives conducting sophisticated attacks that target critical infrastructure, government systems, and civilian networks.
The Digital Arms Race
Recent incidents reveal the escalating nature of this conflict:
- In mid-2025, a significant data breach exposed sensitive Israeli military and government communications, including air force databases and official correspondence
- Telecommunications networks in both nations have suffered repeated disruptions
- Financial systems and critical infrastructure have become prime targets for disruption

The attacks employ various methods:
- Distributed Denial of Service (DDoS) campaigns overwhelming websites
- Sophisticated data exfiltration operations
- Psychological operations through controlled information leaks
- Infrastructure probing and vulnerability scanning
Defensive Strategies and Countermeasures
Nations and organizations can implement several protective measures:
- Enhanced Cyber Defenses
  - Implementation of AI-driven threat detection systems
  - Regular security audits and penetration testing
  - Network segmentation to contain potential breaches
- Intelligence Sharing
  - Establishment of international cyber threat intelligence networks
  - Real-time information exchange between allied nations
  - Collaborative analysis of attack patterns and malware signatures
- Resilience Building
  - Development of redundant systems for critical infrastructure
  - Comprehensive incident response plans
  - Workforce cybersecurity training programs
- Legal and Diplomatic Measures
  - Development of international cyber warfare norms
  - Diplomatic channels for conflict de-escalation
  - Cross-border law enforcement cooperation
The Human Factor in Cyber Conflict
Beyond technical systems, these operations target human psychology:
- Carefully timed leaks maximize psychological impact
- Social media manipulation amplifies the effects of technical breaches
- Narrative control becomes as important as system penetration
The conflict demonstrates how cyber capabilities have become:
- A tool for asymmetric warfare
- A means of projecting power without direct confrontation
- A channel for continuous low-intensity conflict
Future Outlook
The ongoing digital conflict suggests:
- Increasing sophistication of attack methods
- Greater involvement of non-state actors
- Potential for unintended escalation
- Need for improved international frameworks
Organizations operating in affected regions should:
- Maintain a heightened cybersecurity posture
- Monitor threat intelligence feeds regularly
- Develop comprehensive continuity plans
- Foster cybersecurity awareness at all levels
This evolving situation underscores how cyber operations have become an integral part of modern geopolitical conflicts, requiring new strategies for defense, deterrence, and de-escalation. The technical nature of these threats demands equally sophisticated responses that combine technological solutions with strategic thinking and international cooperation.




