Israel's Cyber War With Iran Enters New Phase as Attacks Grow More Sophisticated

Cyberattacks targeting Israel surged by 24% in 2024, driven primarily by Iran and its proxy militias. However, the nature of these threats has evolved significantly rather than following a simple upward trend.

  Asia Cyber affairs News   Apr 3, 2025  Add to Reading List
Israel's Cyber War With Iran Enters New Phase as Attacks Grow More Sophisticated

Cyberattacks targeting Israel surged by 24% in 2024, driven primarily by Iran and its proxy militias. However, the nature of these threats has evolved significantly rather than following a simple upward trend. According to the Israel National Cyber Directorate (INCD), cyber warfare against Israel has progressed through three distinct phases, with the latest stage seeing attackers shift toward more advanced tactics.

A Surge in Cyber Threats Post-October 7

Before the October 7, 2023, attacks, Israel experienced a steady number of cyber incidents. In 2023, INCD issued 367 alerts about vulnerabilities and threats. That number doubled in 2024 to 736, including 518 "red alerts" directed at specific organizations. Calls to Israel's 119 cyberattack hotline increased 24% year-over-year, with 17,078 reports in a single year.

Behind closed doors, INCD officials revealed that immediately after October 7, the number of cyberattack reports to Israel's national security operations center skyrocketed tenfold, from an average of 50 per day to over 500. The number of known Advanced Persistent Threats (APTs) targeting Israel has also doubled, though exact figures remain undisclosed.

The Three Phases of Israel’s Cyber War

According to INCD Defense Division Executive Director Tom Alexandrovich, the cyber conflict has evolved in three key stages:

  1. Early Disruptive Attacks – The initial wave of attacks focused on psychological and infrastructure disruption, including:

    • DDoS attacks on businesses and government services

    • Public address system hacks in 20 kindergartens, broadcasting warning messages

    • Digital billboard hijackings to display violent content

    • Point-of-sale (PoS) system outages, temporarily affecting gas stations and supermarkets

  2. Targeted Phishing and Business Attacks – Over time, Iran-aligned actors shifted toward phishing campaigns, targeting managed service providers (MSPs) and other essential business sectors. By 2024, phishing accounted for 41% of all cyber incidents reported via Israel’s 119 hotline.

  3. Sophisticated State-Level Cyber Operations – Iran-aligned hackers adapted their tactics, moving away from crude self-developed malware to legitimate remote monitoring and management (RMM) tools. These proxies also accelerated their response times, exploiting newly disclosed vulnerabilities within 40 minutes—a process that once took days or weeks.

Targeting the IDF and Critical Infrastructure

As Iran's cyber capabilities have advanced, their focus has shifted toward high-value targets, particularly the Israel Defense Forces (IDF) and its support ecosystem. Their cyber operations now aim at:

  • Logistics and supply chains supporting IDF operations

  • Emergency response services

  • Transportation and food supply networks

  • Missile defense system suppliers

To counter these threats, Israel's INCD has identified and mapped 3,000 companies that provide critical services to the IDF. These organizations now receive enhanced cyber protection under Israel’s "Cyber Dome", an AI-powered defense initiative modeled after the Iron Dome missile defense system.

The Psychological Toll of Cyber Warfare

Beyond direct attacks, the relentless cyber pressure has had psychological and operational consequences. Constant cyber alerts force organizations to devote significant time and energy to investigating potential breaches, creating exhaustion among cybersecurity teams.

"Imagine running a company during wartime and getting a new cyber incident report every day," Alexandrovich explained. "How much time and effort will you put into responding? Eventually, you’ll be exhausted. That’s exactly what they want."

A Conflict Without Borders

The cyber war against Israel mirrors the broader geopolitical conflict. Just hours after the INCD press briefing, Houthi militants launched a ballistic missile at central Israel, triggering air raid sirens across Tel Aviv and Jerusalem. Though the IDF intercepted the missile, the incident underscored the hybrid nature of modern warfare, where cyber and physical attacks are increasingly intertwined.

As Israel continues to harden its defenses, Iran-aligned actors are evolving just as quickly, ensuring that this cyber conflict is far from over.