As they fled an Iranian missile strike, some Israelis using Android phones received a text message containing a link to real-time information about bomb shelters. However, clicking on the link instead downloaded spyware, granting hackers access to the device's camera, location, and sensitive data. This operation, attributed to Iranian cyber actors, underscores the sophisticated coordination and evolving nature of cyber warfare, which now blends digital tactics with physical threats.
According to Gil Messing, chief of staff at Check Point Research—a cybersecurity firm with operations in both Israel and the U.S.—the timing of these bogus texts coincided with missile strikes, marking a new level of synchronization in hybrid warfare tactics. Messing emphasized that the simultaneous nature of these attacks is unprecedented, indicating a deliberate strategy designed to invoke panic and disorganization among civilians seeking safety.
Experts indicate that digital warfare is likely to persist even in the event of a ceasefire. This is due in part to the lower costs and greater ease of cyber conflict compared to traditional forms of warfare. The aim is not to inflict casualties on a large scale but rather to engage in espionage, theft, and intimidation. Iranian-linked groups have turned toward high-volume, low-impact cyberattacks, which, while numerous, often cause minimal damage to economic or military infrastructure. These attacks pressure U.S. and Israeli companies to quickly rectify vulnerabilities in their security systems.
Investigators from the Utah-based security firm DigiCert have documented nearly 5,800 cyberattacks attributed to almost 50 groups affiliated with Iran, primarily aimed at U.S. and Israeli entities, but also extending their reach to networks in Bahrain, Kuwait, and Qatar. While many of these attacks are easily thwarted by updated cybersecurity measures, they can significantly disrupt organizations lacking robust defenses. Moreover, the psychological ramifications on companies, particularly those connected to military sectors, can be profound as the threat level escalates.
A pro-Iranian hacking group recently claimed responsibility for infiltrating the account of FBI Director Kash Patel, releasing personal documents, including outdated photographs and resume details. Such actions resemble several prior cyberattacks by pro-Iranian hackers, which often serve to instill fear in their adversaries while boosting morale among their supporters, even if they do not produce tangible results in the ongoing conflict.
Targeting specific sectors, Iran's cyber operations increasingly focus on weak points in American cybersecurity, including supply chains critical to both the economy and military efforts, as well as essential infrastructure such as hospitals and data centers. Recently, hackers supporting Iran claimed to have breached Michigan-based medical technology company Stryker, stating the attack was in retaliation for U.S. strikes resulting in civilian casualties.
In another instance, cybersecurity researchers at Halcyon revealed a separate attack on a healthcare company in which a tool associated with Iranian cyber activities deployed ransomware, locking the company out of its own systems without demanding a ransom, a move suggestive of malicious intent rather than financial gain. This focus on the medical sector indicates a deliberate strategy by Iranian cyber actors to escalate their operations within critical industries.
Artificial intelligence is playing an increasingly vital role in this new landscape of cyber warfare, enabling both attackers and defenders to enhance the speed and scope of operations. However, it is in the realm of disinformation where AI's effects are most apparent, with fake images and misinformation campaigns proliferating across platforms. Iranian state-controlled media have engaged in efforts to reframe public perceptions by labeling real wartime footage as falsified and circulating doctored images in its place.
To address the growing concerns regarding AI and hacking, the U.S. State Department recently established a Bureau of Emerging Threats focused on the implications of new technologies, complementing existing initiatives within agencies like the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA). Both offensive and defensive cyber operators leverage AI to bolster their capabilities in this new battleground.
While Russia and China are perceived as greater cyber threats, Iran's range of cyber operations aimed at American entities has been notable. In recent years, Iranian groups have infiltrated the email systems of U.S. political campaigns, targeted water facilities, attempted breaches of military and defense contractor networks, and, notably, impersonated American protesters to covertly stimulate anti-Israel sentiment.