As tensions between Israel and Iran have escalated across military and political dimensions, a quieter but critical component has re-emerged: cyber operations. Over the past month, both countries have used digital tools alongside conventional weapons—not as decisive game-changers, but as supplements to broader military strategies. These cyberattacks have caused disruption and inconvenience more than lasting strategic shifts. Still, their increasing integration into warfare is worth watching closely.
Tactical Disruption, Not Strategic Collapse
In mid-June 2025, a group of Israeli-linked hackers reportedly compromised Bank Sepah—one of Iran’s major financial institutions. Iranian officials acknowledged data loss and some operational downtime, though core banking functions resumed shortly after. Separately, a coordinated attack on Nobitex, Iran’s largest cryptocurrency exchange, allegedly drained millions in digital assets. These cyber strikes coincided with a flare-up in conventional Israeli air operations targeting suspected IRGC infrastructure.
However, the impacts were more symbolic than transformative. Iran’s banking system continued functioning, and while the crypto attack embarrassed Iranian cyber defenders, it did not meaningfully degrade Tehran’s ability to finance its military or foreign policy. Such outcomes reinforce what experts have long cautioned: while cyber tools can be useful for disruption, they rarely offer the sort of decisive advantage that kinetic strikes can deliver.
Cyber as a Shadow Companion to Kinetic Conflict
Israel has long viewed cyber capabilities as force multipliers. The most famous example remains the 2010 Stuxnet worm—developed with U.S. support—which damaged Iranian centrifuges by covertly manipulating industrial controls. That operation delayed Iran’s nuclear program, but even then, it required years of development and insider access. Since then, Israeli cyber doctrine has evolved toward more frequent, targeted operations: causing delays, sowing confusion, or gathering intelligence.
The recent data wipes and network intrusions tied to Israeli groups appear designed more to rattle than to destroy. They lack the scale or stealth of Stuxnet and are often paired with physical actions, not deployed in isolation. The cyber domain gives Israel another tool—not a substitute—for direct force.
Iran’s Asymmetric Response: Modest but Growing
Iran has invested steadily in cyber capabilities, particularly since becoming the target of foreign cyber operations. Tehran-backed groups like CyberAv3ngers have been linked to repeated efforts to infiltrate Israeli infrastructure, from gas utilities to water facilities. The tools used are rarely cutting-edge, often relying on phishing, credential theft, and known vulnerabilities rather than zero-day exploits.
Iran has also demonstrated internal control of its digital domain, including selective internet blackouts and warnings against smart device usage. These actions are often preventive—an attempt to limit Israeli surveillance or foreign agitation during periods of heightened tension.
While Iran has not executed any publicly known cyberattack that caused large-scale physical damage abroad, its consistent low-level activity — recently exemplified by a covert operation in which its intelligence services reportedly obtained thousands of sensitive Israeli government documents, including classified files on nuclear sites and military projects — has allowed it to stay in the game. This approach, highlighted by Iranian state media as involving videos and images smuggled into secure facilities, functions more as strategic signaling than a transformative strategy.
Cyber’s Role: A Piece of the Puzzle, Not the Whole
Where cyber operations shine is in timing and coordination. For example, some analysts speculate that Israel’s June attacks on Iran’s financial systems were timed to coincide with air campaigns to create brief windows of confusion. Similarly, Iranian cyberattacks often precede or follow missile launches or proxy actions, suggesting a layered, if still evolving, hybrid doctrine.
Yet there’s little evidence to suggest these cyber efforts have been decisive. They rarely change the battlefield but may help create minor tactical advantages—delaying responses, jamming communications, or undermining morale.
Policymakers and the public should resist overhyping the scale or effectiveness of cyberattacks. The most dangerous scenarios—crippling infrastructure failures, large-scale data destruction, or kinetic attacks triggered by false cyber intelligence—remain rare. Still, the potential for escalation is real, particularly when attribution is unclear. Cyber actions offer plausible deniability, which makes them appealing for states seeking to apply pressure without full-scale retaliation. But they also risk miscalculation.
The United States has taken notice. Intelligence agencies have recently issued warnings to critical infrastructure operators, particularly banks and energy utilities, to brace for potential Iranian cyber retaliation. This is not because of proven capability for devastation, but because of the unpredictability of hybrid threats.
The Israel-Iran cyber theater is best understood not as a battlefield but as a fog bank—clouding perception, slowing movement, and complicating decisions. Cyber operations have value in this space: they can annoy, delay, or confuse. Occasionally, they can sabotage. But they are rarely decisive.
For both Israel and Iran, cyber tools are increasingly integrated into broader strategic postures. Yet for now, they remain supplementary—tools of harassment, not domination.
.svg.png){kind=small}
