Iranian cyberattacks on Israel have skyrocketed since Oct. 7th

(Shutterstock/Illustrative)

Western traffic to Iranian media sites remains 28% above pre-war levels.

By Pesach Benson, TPS

Iran’s online disinformation activities and cyber attacks on Israel have soared since October 7, a Microsoft report released on Tuesday said.

“Iran’s activity quickly grew from nine Microsoft-tracked groups active in Israel during the first week of the war to 14, two weeks into the war. Cyber-enabled influence operations went from roughly one operation every other month in 2021 to 11 in October 2023 alone,” the report said.

“As the war progressed, Iranian actors expanded their geographic scope to include attacks on Albania, Bahrain, and the USA. They also increased their collaboration, enabling greater specialization and effectiveness,” the report continued.

According to the report, “Cyberattacks became increasingly targeted and destructive and IO [influence operation] campaigns grew increasingly sophisticated and inauthentic, deploying networks of social media ‘sockpuppet’ accounts.”

The campaign was successful, the report said, noting a 42% increase in traffic to Iranian news sites from the US, Britain, Canada, Australia, and New Zealand during the first month of the war. That level has dropped somewhat, but Western traffic to Iranian media sites remains 28% above pre-war levels.

The report said Iran’s efforts were to “undermine Israel and its supporters across the internet and social media, causing general confusion and a loss of trust.” Tehran’s four-pronged approach includes exacerbating domestic political and social rifts in target countries, cyberattacks against Israeli infrastructure in “retaliation” for the war in Gaza, intimidating Israeli supporters and their families, and undermining international support for Israel.

The report highlighted a new Iranian trend of hackers masquerading as Israelis. “In one recent operation, ‘Tears of War,’ Iranian operatives convinced Israelis to hang branded ‘Tears of War’ banners using AI-generated images in Israeli neighborhoods, based on Israeli press reporting,” the report said.

The report also raised the concern of greater collaboration between various Iran-affiliated hacker groups. The cooperation “allows each group to contribute existing capabilities and removes the need for a single group to develop a full spectrum of tooling or tradecraft,” the report said.

The report said its findings raised troubling concerns for the future, especially with the prospect of similar influence campaigns to disrupt the US presidential elections.

“Amid the rising potential of a widening war, we expect Iranian influence operations and cyberattacks will continue to be more targeted, more collaborative and more destructive as the Israel-Hamas conflict drags on. Iran will continue to test redlines, as they have done with an attack on an Israeli hospital and U.S. water systems in late November,” the report stressed.

“The increased collaboration we have observed between different Iranian threat actors will pose greater threats in 2024 for election defenders who can no longer take solace in only tracking a few groups. Rather, a growing number of access agents, influence groups, and cyber actors makes for a more complex and intertwined threat environment.”

Related Post