
Iranians walk past Sepah Bank in the Iranian capital of Tehran, on June 15, 2022. (Credit: Atta Kenare/AFP)
BEIRUT — As Israel and Iran trade military blows, a parallel battle is unfolding in cyberspace, with each side launching digital attacks that threaten critical infrastructure, financial systems and public trust.
On June 13, Israel launched a coordinated military and intelligence attack, and almost immediately, cyberspace became a battleground. By Tuesday, Iran’s cybersecurity command accused Israel of initiating a “massive cyber war” targeting Tehran’s digital infrastructure.
David Albright, a nuclear expert at the Institute for Science and International Security, told Reuters that Israeli cyberattacks may have targeted nuclear power plants in Iran, possibly “without leaving visible traces.”
While Iranian cybersecurity officials claimed they had repelled most of the attacks, the government’s swift response suggested otherwise.
Authorities imposed sweeping restrictions on digital communications, banning officials from using mobile phones and other communication devices, according to the semi-official Fars News Agency — underscoring the perceived severity of the threat.
On Wednesday, the country's communication ministry imposed "temporary restrictions ... on users' access to the internet," adding that the decision was due to "the aggressor's abuse of the country's communication network for military purposes."
In parallel, cyber retaliation from Iran escalated. The Jerusalem Post cited Israeli cybersecurity firm Radware as saying there had been a “700 percent surge in malicious activity within just two days,” linked to cyber operations by Iranian state-affiliated and pro-Iranian hacker groups.
Reported Israeli cyberattacks
On Tuesday, June 17, an Israeli hacking group — Predatory Sparrow — claimed responsibility for a cyberattack against Bank Sepah, one of Iran’s largest state-owned financial institutions, causing widespread outages.
"This is what happens to institutions dedicated to maintaining the dictator's terrorist fantasies," the group wrote on X.
Shortly afterward, it released sensitive internal bank documents, including files allegedly linked to the Islamic Revolutionary Guard Corps (IRGC) and its chief of staff, Mohammad Bagheri, who was assassinated at the start of Israel’s offensive.
Bank Sepah customers reported problems accessing their accounts, making withdrawals and processing card payments, according to posts circulating on X.
"A cyberattack targeted the infrastructure of Sepah Bank, causing disruptions to the institution's online services," said the Fars news agency.
On Wednesday, Iran’s semi-official Tasnim News Agency confirmed “disruptions affecting several banks, including Bank Sepah.” The report included a warning from banking officials advising the public not to click on malicious links received via text message, which could be used to compromise their accounts.
Iranian state media further warned that the disruptions could impact the country's gas stations, which rely on the bank to process transactions.
The former director of cybersecurity at the U.S. National Security Agency (NSA), Rob Joyce, wrote on X, “Disrupting the availability of this bank’s funds, or triggering a broader collapse of trust in Iranian banks, could have major impacts there.”
Shortly after Iranian officials announced the new restrictions, several social media users reported that IRIB TV, one of the country’s national broadcasters, had been hacked. The channel reportedly aired messages encouraging Iranians to protest against the regime and displayed the lion emblem associated with opposition to the regime and supporters of the former shah.
On Wednesday, Predatory Sparrow claimed responsibility for a cyberattack that reportedly stole digital assets worth more than $90 million from Iranian cryptocurrency exchange Nobitex.
Israel has a long track record of launching cyberattacks against Iran, most notably the Stuxnet worm that disrupted operations at Iran’s Natanz nuclear facility in 2010.
Reported Iranian cyberattacks
Concurrently, Israeli cybersecurity experts have reported a wave of digital interference attributed to Iran-linked actors since the outbreak of the war.
Gil Messing, chief of staff at the Israeli cybersecurity firm Check Point Software Technologies, told Axios that several disinformation campaigns surfaced in the days following the initial strikes.
One widely circulated message falsely warned Israelis that fuel supplies would be suspended at gas stations for 24 hours. Another fake alert claimed a terrorist attack was imminent near a regional shelter and urged people to stay away — seemingly aimed at creating panic amid ongoing missile strikes, Axios reported.
The messages were designed to look like official warnings from Israel’s Home Front Command.
Messing also noted a rise in lower-level cyber operations potentially linked to Iran, including distributed denial-of-service (DDoS) attacks and phishing attempts.
"Their main objective is intimidation, fake news, [and] disinformation, much more than anything else," Messing told Axios, adding that most of the current cyber activity appears to be “lower profile.”
In October 2024, Microsoft reported that "Iran surged its cyber, influence, and cyber-enabled influence operations against Israel."