Iranian hackers keep targeting Israeli industries even after the war is temporarily halted

Background

On June 24, 2025, Israel and Iran agreed to a temporary ceasefire, pausing large-scale military operations. However, evidence suggests that Iranian-linked cyber actors have continued to mount offensive campaigns against critical Israeli industries, pursuing espionage, disruption, and data theft.

Ongoing Threat Landscape

Despite this lull in kinetic hostilities, offensive cyber activity has not abated. More than 120 pro‑Iranian cyber collectives remain active, leveraging both state‑sponsored groups and opportunistic hacktivists to target Israeli entities.

The broader strategic objective is clear: these campaigns are unlikely to stop until the Iranian regime itself is weakened or overthrown. In this sense, cyber warfare becomes an asymmetric pressure tool, intended to erode critical infrastructure resilience and public confidence until political change is forced.

Furthermore, it’s not only Israeli organizations in the attackers’ crosshairs. U.S. companies, especially those with ties to Israeli defense or technology sectors, and even private individuals are increasingly targeted. These efforts include:

  • Corporate Espionage: Theft of R&D data and proprietary IP from defense contractors.
  • Supply‑Chain Intrusions: Compromising smaller U.S. vendors to pivot into larger Israeli‑affiliated corporations.
  • Personal Data Harvesting: Sending spear‑phishing lures to executives and researchers to steal credentials or implant backdoors.

Notable Incidents

  1. APTIran Ransomware Campaign
    • Deployment of ALPHV and LockBit variants against both government and private servers in Israel and the U.S.
  2. Shin Bet‑Foiled Phishing for Assassination Intel
    • Spear‑phishing emails disguised as Google Meet invites targeting Israeli security officials—and similar tactics now aimed at U.S. defense analysts.
  3. ICS Reconnaissance & Supply‑Chain Attacks
    • Ongoing scans of industrial control systems in Israeli utilities, plus indirect access attempts via U.S. component manufacturers.

Industry Impact

  • Energy & Utilities: Heightened SCADA network isolation and accelerated multi‑factor rollout.
  • Manufacturing: Zero‑trust segmentation and immutable backup policies.
  • Telecommunications: Surge in credential‑spraying attacks aimed at harvesting session tokens.

Expanded Mitigation Strategies

  1. Proactive Political‑Risk Adjustments
    • Recognize cyber campaigns as part of a broader geopolitical pressure plan; adjust business continuity and insurance accordingly.
  2. Enhanced International Collaboration
    • Joint U.S.–Israeli cyber defense exercises and shared CERT alerts.
  3. Individual Vigilance
    • Personal executive protection: dedicated secure devices for email and collaboration tools.

Conclusion

Iranian cyber actors view digital attacks as a means to expedite political objectives. As long as they believe regime change is their endgame, these operations will persist and may even intensify. Consequently, organizations and individuals in both Israel and the United States must adopt a resilient, intelligence-driven security posture, combining robust technical defenses with strategic, cross-border cooperation.