Iranian Hackers Target Americans with Fake Bomb Shelter Apps During Missile Strikes

WASHINGTON — During recent Iranian missile attacks, Israeli civilians fleeing for safety received deceptive text messages on their Android devices promising real-time bomb shelter locations. However, clicking the link installed malicious software that granted hackers complete access to phone cameras, location data, and personal information.

Cybersecurity researchers have linked this sophisticated operation to Iranian forces, marking an unprecedented level of coordination between physical military strikes and digital espionage efforts. The incident highlights how cyber warfare has become deeply embedded in modern conflicts involving the United States, Israel, and Iran.

According to Gil Messing, chief of staff at Check Point Research, a cybersecurity company operating in both Israel and America, the timing of these fraudulent messages represented a groundbreaking fusion of digital and conventional attacks.

“This was sent to people while they were running to shelters to defend themselves,” Messing said. “The fact it’s synced and at the same minute … is a first.”

Security analysts predict these digital battles will continue regardless of any potential ceasefire agreements, as cyber operations cost significantly less than traditional military campaigns while serving different objectives focused on surveillance, data theft, and psychological intimidation rather than territorial conquest.

Although the majority of cyber incidents connected to the ongoing conflict have caused relatively limited damage to critical infrastructure or defense networks, they have forced numerous American and Israeli businesses into defensive positions, requiring rapid security updates to address vulnerabilities.

DigiCert, a Utah-based cybersecurity company, has documented approximately 5,800 digital attacks launched by nearly 50 Iranian-affiliated organizations. While most targets were American or Israeli entities, researchers also discovered strikes against networks in Bahrain, Kuwait, Qatar, and additional regional nations.

Most attacks can be easily prevented with current cybersecurity measures, but they can cause significant harm to organizations using outdated protection systems and create resource burdens even when unsuccessful.

The psychological effects on companies conducting military-related business add another layer of concern.

“There are a lot more attacks happening that aren’t being reported,” said Michael Smith, DigiCert’s field chief technology officer.

Last Friday, a pro-Iranian hacking collective claimed they had breached FBI Director Kash Patel’s account, publishing what appeared to be dated photographs along with his professional resume and personal documents. Most of these materials seemed to be over ten years old.

This incident mirrors many cyberattacks attributed to Iran-supporting hackers: flashy operations designed to energize supporters while undermining opponent confidence, but with minimal impact on actual military objectives.

Smith described these high-frequency, low-damage attacks as “a way of telling people in other countries that you can still reach out and touch them even though they’re on a different continent. That makes them more of an intimidation tactic.”

Iran appears focused on exploiting America’s most vulnerable cybersecurity points: supply chains supporting economic and military operations, plus critical infrastructure including ports, railway systems, water treatment facilities, and medical centers.

Iranian forces are also targeting data storage facilities with both cyber and conventional weapons, demonstrating these centers’ growing importance to economic operations, communications, and military information security.

Earlier this month, Iranian-supporting hackers claimed responsibility for infiltrating Stryker, a Michigan-based medical technology corporation. The group calling itself Handala stated the attack was retaliation for alleged American strikes that killed Iranian students.

Cybersecurity researchers at Halcyon recently released findings about another recent cyberattack against a healthcare organization. While Halcyon kept the company’s identity confidential, they reported that the hackers installed destructive ransomware, which locked the company out of its own systems, using tools that American authorities have connected to Iran.

The attackers never requested payment, indicating their motivation centered on causing destruction and disorder rather than financial gain.

Combined with the Stryker incident, “this suggests a deliberate focus on the medical sector rather than targets of opportunity,” said Cynthia Kaiser, senior vice president at Halcyon. “As this conflict continues, we should expect that targeting to intensify.”

Artificial intelligence technology enables hackers to increase both the frequency and speed of cyberattacks while automating much of the process.

However, it is in disinformation campaigns that AI has shown its most damaging impact on public confidence. Supporters from all sides have circulated false images depicting fabricated atrocities or fictional military victories. One manipulated image showing sunken American warships has accumulated over 100 million views.

Iranian officials have restricted internet access while working to influence how Iranian citizens perceive the conflict through propaganda and false information. Iranian government media has begun labeling genuine war footage as fabricated, sometimes replacing it with their own altered images, according to research from NewsGuard, an American company monitoring disinformation.

Growing concerns about risks from AI and hacking led the State Department to establish a Bureau of Emerging Threats last year, concentrating on new technologies and their potential use against America. This effort joins existing programs at agencies including the Cybersecurity and Infrastructure Security Agency and the National Security Agency.

AI also supports defense against cyberattacks by automating and accelerating protective measures, Director of National Intelligence Tulsi Gabbard recently informed Congress.

The technology “will increasingly shape cyber operations with both cyber operators and defenders using these tools to improve their speed and effectiveness,” Gabbard said.

While Russia and China are considered more significant cyber threats, Iran has still conducted multiple operations targeting Americans. In recent years, Tehran-affiliated groups have penetrated President Donald Trump’s campaign email systems, targeted American water treatment plants, and attempted to breach military and defense contractor networks. They have also impersonated American activists online to secretly promote anti-Israel demonstrations.