As the war in the Middle East escalates, combatants are confronting a simultaneous host of cyberattacks.
A report from Radware spells out how a host of significant cyber activities related to the conflict are ongoing, including state-sponsored operations, hacktivist attacks, and disinformation campaigns.
State-sponsored cyberattacks
Radware details how the Israeli hacking group Gonjeshke Darande (Persian for Predatory Sparrow) claims to have infiltrated Iran’s state-owned Bank Sepah and destroyed the bank’s data, before breaching Iran-based cryptocurrency exchange Nobitex. Blockchain investigators say $81,7-million in digital assets were stolen from Nobitex’s wallets during the breach.
Meanwhile, Iranian-linked actors have launched waves of phishing emails, DDoS attacks, and fake alert messages aimed at Israeli civilian systems. Analysts suggest it could be planning more attacks in the future.
Hacktivism
Close to 100 different ideologically-aligned hacktivist groups around the world have mobilised, defacing websites, knocking services offline, and leaking stolen data. More than half of these are Iranian sympathisers.
Radware reports that it observed about 30 DDoS attack claims targeting Israel per day, primarily led by two groups: Mr Hamza and Arabian Ghosts.
Government and the public sector are the areas most targeted by hacktivists (27%), followed by manufacturing (20%), telecommunications (12%), media and Internet (9%), and banking and financial services (5,3%).
A number of the hacktivist groups have also threatened campaigns against the US, with the UK and Jordan also coming under fire.
Disinformation and influence campaigns
Online influence and disinformation are particularly active in this war, Radware warns. False narratives, doctored evidence, and strategic censorship make it difficult for the public to recognise the truth.
Tactics include fake emergency alerts, social media botnets, fake images and AI-generate media – with Iran particularly active on the global stage while tightening controls in-country.
Radware concludes its report: “The first week of hostilities has demonstrated that the Israel-Iran conflict is being fiercely contested in cyberspace as well as on the ground. State-backed cyberattacks have already hit significant targets, though Iran’s most dangerous cyber weapons may still be in reserve.
“A tidal wave of hacktivist activity, largely rallying to Iran’s side, is keeping Israeli networks busy fending off disruptions and leaks.
“A parallel disinformation war is attempting to influence hearts and minds worldwide, fueled by fake personas and fabricated media. Going forward, organisations in the region and around the world are on high alert for spillover effects.
“Cybersecurity firms are urging maximum vigilance, warning that critical infrastructure, supply chains, and even global businesses could become collateral targets if the cyber crossfire intensifies. The Israel-Iran conflict of 2025 is a stark illustration of modern hybrid warfare, where bytes and narratives are as much a part of the fight as bombs and missiles.”