Iran-Israel Cyber War Goes Global

Published: 23/11/2024   Category: security




What started off as posturing from the Islamic Republic has turned into more serious cyberattacks against the US, Albania, and more.



Iran's cyber conflict with Israel has reached global proportions, with cyberattacks against businesses and government agencies on other continents causing arguably as much ruckus as those in Israel itself.
It's a classic case of cyber imitating life. While US military bases and international shipping routes are peppered by its proxy terrorist outfits — most notably, the dernier cri Houthis — Iran's cyber threat cloud has been spreading its attacks into the US and Europe, against targets perceived to be aligned with its bête noire.
In a report published this week, Microsoft characterized this global proliferation as a Phase 3 in Iran's hebraic cyber offensive.
"This is highly likely to be part of the Iranian government's strategic pressure campaign," says a threat intelligence analyst from Recorded Future's Insikt Group, who chose not to be named for this story. "Tehran is hoping to influence governments directly and not [get] directly involved in the conflict via the ability to impact economies. They are highly likely aiming to influence business communities to pressure their governments to support a cessation of Israeli military activities in the Gaza Strip."
Among the latest victims of this Phase 3 pressure offensive: an Albanian government organization and Iran's military guard itself.
The most recent known case occurred on Feb. 1. Albania's Institute of Statistics (INSTAT) disclosed on Facebook that a cyberattack which aimed to damage INSTAT's data has caused the Internet services of the official website and email to be interrupted.
In an official statement, the country's National Authority for Electronic Certification and Cyber Security (AKCESK) clarified that the affected INSTAT systems are not currently classified as critical or important information infrastructure.
On Telegram, the Iranian APT commonly known as Homeland Justice told a somewhat different story. Claiming the attack for itself, it described the event as more extortion than denial-of-service (DoS), with more than 100 terabytes of population and geographic information system data copied and then deleted from the organization's servers.
As Microsoft noted in its report, Homeland Justice has previously targeted Albania, alongside other countries perceived to be in support of Israel. In a series of Telegram posts, the group framed the stolen data in the wider context of Albania's support of the terrorists, including Mojahedin-e-Khalq (MEK), an Iranian dissident group with ties to Israel's secret service.
Meanwhile, not one day after Albania's statistics snafu, Iran's cyberattack net once again reached US shores, when the Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctioned six officials with the Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC).
The action follows a December intrusion into Vision Series programmable logic controllers (PLCs), developed by the Israeli-American company Unitronics, and utilized in both countries' critical infrastructure.
"US authorities took remarkably fast action to sanction multiple Iranian cyber officials associated with these attacks," says Scott Small, director of threat intel at Tidal Cyber. "This could provide limited deterrence against future attacks, but we also know Iranian cyber actors are persistently intent on attacking US-based targets, especially government entities."
Indeed, as OFAC noted in its press release, IRGC-CEC's latest high-profile industrial attacks were far from its first or only against the US, Israel, and Europe.
Though it might at first seem short-sighted for Iran to unnecessarily drag the US into a cyber conflict, the Insikt analyst suggests that it could be a well-calculated risk.
"Iran has been trying to de-escalate a kinetic tit-for-tat to minimize the risk of US retaliation against its territory. It is possible more aggressive and more global cyber operations will allow them to mitigate that risk while still contributing to the anti-Israel agenda," they suggest.
According to Microsoft, Iran's pseudo-cyber war against Israel can be split into three distinct phases.
Phase 1, during the initial days following the Oct. 7 Hamas terrorist attack, was rather amateurish, the report claims. Iran-nexus groups performed light opportunistic attacks, leveraged pre-existing access to claim attacks against Israeli organizations, and repackaged old and publicly available data as new leaks.
Phase 2, beginning in mid-to-late October, ratcheted up the volume. The number of groups working actively against Israel rose from nine to at least fourteen. Iran conducted ten cyber-enabled influence operations in that month alone, alongside more coordinated and destructive campaigns. Still, much of the winnings from its most successful campaigns were overstated.
In Phase 3 the attacks have become even more honed, utilizing more advanced tactics, techniques, and procedures (TTPs), targeting more significant businesses and critical infrastructure operators, and weaving in more effective messaging aimed at undermining Israeli morale and pressuring Israel's allies.
"This concern will only increase heading further into election season, since we know Iran has regularly sought to interfere with past US votes," Small warns.
If recent months are anything to go by, we won't know until it happens what the next Iranian cyberattack will look like.
"Recent cases demonstrate that the whole range of attack methods are considered fair game for these cyber operations, including Web app exploits, credential harvesting, and even ransomware and cryptomining. This creates a wide range for potential disruptions to critical operations, plus potential fuel for influence operations whether or not the attacks cause notable material impact," Small says.
