Fake military alerts and death texts expose brutal new front in Iran-Israel conflict
As missile sirens sounded across Israel earlier this month, thousands of Israelis received text messages claiming to be from their military, urging them to download a fake shelter app that could have stolen vast amounts of personal data.
Others received a mass text stating: “Netanyahu is dead. Death is approaching you and soon the gates of hell will open before you. Before the fire of Iranian missiles destroys you, leave Palestine.”
Cybersecurity experts say these messages are the most visible aspect of a vast cyber war being waged in the depths of the internet between Iran, Israel, the US, and their online sympathizers.
“The Iranians are going all out on this,” said Chris Krebs, a former director of the Cybersecurity and Information Security Agency (CISA) and one of the most senior civilian US cybersecurity officials.

Their goals vary widely, from spreading fear to causing chaos, acquiring intelligence, and isolating missile targets. In the shadowy realm of cyber warfare, it’s difficult to ascertain who even holds the upper hand.
However, succeeding in cyberspace has become crucial for shaping perceptions and undermining enemy morale, prompting Iran to heavily invest in efforts to breach American and Israeli firewalls.
Iran possesses three different levels of cyber operators, with often blurred boundaries, according to analysts and former officials.
The most experienced are directly operated by the Islamic Revolutionary Guard Corps and Iran’s Ministry of Intelligence. They maintain a bewildering array of front organizations to provide plausible deniability for attacks and issue public threats.
Iran also employs semi-autonomous hacking proxies, cybercriminals, and contractors. In addition, volunteer hacktivists frequently rally behind Tehran.
The most destructive attack attributed to them targeted Stryker, a multi-billion-dollar American medical technology company with clients including the UK’s National Health Service. Thousands of employees were sent home after being locked out of their computers earlier this month, disrupting supplies of critical equipment and delaying surgeries.
Handala, a hacking group believed by cybersecurity researchers and the US government to be connected to Iranian intelligence, claimed to have wiped around 200,000 devices in what Krebs called the most significant wartime cyberattack against the US ever witnessed.
Handala also claimed to have breached a personal email account belonging to FBI Director Kash Patel, publishing personal photographs. The FBI confirmed that his emails had been targeted by "malicious actors," but stated the information was "historical in nature."
The current military campaign has intensified a longstanding cyber battle between the three countries. The US and Israel possess formidable offensive capabilities and have tended to deliver more substantial strategic blows than Iran, such as significantly damaging the Iranian nuclear program with the malware known as Stuxnet, discovered in 2009.
Israel also wielded its cyber intelligence to deliver one of the biggest blows of the war: years ago, it hacked nearly all the traffic cameras in Tehran as part of an extensive intelligence-gathering operation ahead of its assassination of Supreme Leader Ayatollah Ali Khamenei.

Iran, meanwhile, is considered less technically skilled than Russia or China, often relying on phishing and crude "wiper" malware that deletes targets’ data.
Nevertheless, Tehran has historically used cyberattacks as a low-cost means to fight asymmetric warfare with its stronger rivals, spreading confusion and jamming their operations. In 2022, some Israeli media outlets accused Iranian hackers of infiltrating an old phone belonging to the wife of Mossad chief David Barnea, leaking what appeared to be his personal information on Telegram.
According to Alexander Leslie of the US-based cybersecurity firm Recorded Future, Iran has been waging the current campaign on two fronts.
To target softer objectives and conduct psychological warfare, it relies on its louder hacktivist fronts and proxies.
However, Iran’s more threatening groups have been quieter. Analysts say top operatives have been methodically searching for vulnerabilities, scouting for entry points, and positioning themselves in target networks.
Seedworm, a group that the US and UK claim is linked to Iranian intelligence, has been detected trying to infiltrate US networks since early February, according to cybersecurity firm Symantec. The group has been expelled from a US bank, an airport, and a software company that supplies the defense industry.
But Iran appears to be making the most effort to break through Israel’s robust cyber defenses, which are more substantial than those of the US.
Israeli authorities say Iran has launched thousands of wiper attacks on Israeli companies, successfully targeting around 50. Its operatives’ hacking of security cameras across Israel and the Gulf has aided in targeting drone and missile strikes, said Gil Messing from Israeli cybersecurity firm Check Point Software.

Despite the ongoing noise, some analysts are surprised that Tehran has not targeted more decisive strategic targets. In the past, it has attacked American and Israeli critical infrastructure, such as water treatment plants, but has not delivered similar blows during the current conflict.
Several explanations exist: early Israeli strikes may have weakened Iran’s capabilities; Tehran may have hindered its own hackers by throttling its internet for domestic censorship; and designing the complex malware necessary for significant attacks can take time.
They may also have found their way undetected into sensitive economic or military targets, residing inside to collect information. “They could have long-term access that they are not ready to expose,” said Andy Piazza at cybersecurity firm Palo Alto Networks.
In Israel, critical infrastructure cybersecurity is managed by the state, whereas in the US and Europe, the private sector must protect itself but can request government assistance post-hack. The US also has structural weaknesses stemming from the early internet’s decentralized adoption and the vast size of the country and its dispersed infrastructure.
US defensive capabilities have recently experienced further deterioration due to the Trump administration’s clashes with CISA, the agency responsible for protecting critical infrastructure, analysts noted. CISA has not had a permanent director since January 2025 and is operating at about a third of its normal staffing.
“I am concerned,” said Emily Harding of the Center for Strategic and International Studies. “The cat is out of the bag on how weak we are defensively.”

Head of Investigations