Iran is ramping up its cyber offensive against the US and Israel, employing a mix of sophisticated tactics and proxies. Recent attacks include mass text messages in Israel claiming to be from the military, encouraging downloads of a fake shelter app that could steal personal data. Other texts spread panic by falsely declaring Israeli Prime Minister Netanyahu's death. These actions are part of a broader campaign aimed at sowing fear, gathering intelligence, and disrupting operations.
The most destructive attack attributed to Iran hit Stryker, an American medical technology company, locking out thousands of employees and delaying surgeries. Handala, a hacking group tied to Iranian intelligence, claimed responsibility for wiping over 200,000 devices, marking one of the most significant wartime cyber attacks on the US. The FBI confirmed that Director Kash Patel's emails were targeted, though no sensitive information was compromised.
Iran uses three levels of cyber operators: elite teams under the Islamic Revolutionary Guard Corps, semi-autonomous hackers, and volunteer hacktivists. While Iran may not match Russia or China in technical prowess, it leverages cyber attacks as a low-cost asymmetric tool to challenge stronger adversaries. Tehran has historically used these methods to disrupt and confuse opponents, aligning them with conventional military campaigns.
Despite the noise, some analysts question why Iran hasn't struck more decisive strategic targets during this conflict. Possible explanations include early Israeli strikes weakening Iran's capabilities, domestic internet throttling for censorship, or long-term access to sensitive networks that has yet to be exploited. Meanwhile, US defenses remain uneven, with structural weaknesses exacerbated by staffing issues at CISA, the agency responsible for protecting critical infrastructure.