Please or Register to create posts and topics.

Origins and Evolution of Iran-Israel Cyberwarfare

On June 27th, 2022, Iran’s second-largest state-owned steel company, Khouzestan Steel Company (KSC), was forced to halt production following a major cyber-attack. Hacktivist group Predatory Sparrow (Gonjeshke Darande in Persian) claimed responsibility for the attack, releasing a video which showed that they had damaged equipment and caused a “serious fire” in the KSC factory. The group also leaked large amounts of KSC’s private documents and emails.

Iran blamed “foreign enemies” for the cyber-attack. Although the origins of Predatory Sparrow are unknown, it is widely believed that the group is either operated or sponsored by a state. Given the complexity of the cyber-attack, the history of cyberwarfare between Iran and Israel, and the difficulty in tracing the source of cyber-attacks, Israel is understandably the primary suspect.

Iran and Israel have been locked in a shadow war for the past few decades, with neither state willing to engage in direct conflict with the other. From 2010 onwards, this shadow war has gained a new dimension: cyberwarfare. Cyber-attacks have been one of the most common tools used by both Iran and Israel to cause disruption within the other state. In recent years, particularly from 2020 onward, Iran-Israel cyberwarfare has become much more aggressive and overt than before. In order to understand the current context of Iran-Israel cyberwarfare, we first need to analyse its origins.

Origins of Iran-Israel Cyberwarfare

The origins of Iran-Israel cyberwarfare, and of cyberwarfare in general, can be traced back to the Stuxnet computer worm, which was reportedly developed by both Israeli and US intelligence agencies in 2010 to target Iran’s nuclear programme. The use of Stuxnet resulted in around 1,000 of Iran’s 5,000 centrifuges being damaged and 20,000 computers becoming infected with the worm. This was clearly an attempt by Israel and the US to disrupt Iran’s nuclear programme, and the first major act of cyberwarfare between states. The Pandora’s box of cyberwarfare had well and truly been opened.

Following the Stuxnet incident, Iran began to develop both its offensive and defensive cyber capabilities. From 2012 to 2015, Iran’s cybersecurity budget increased by 180%, and Iran completely transformed its cyberspace infrastructure. Still, Iran’s government systems and nuclear program were regularly targeted by various computer viruses, such as Stars, Duqu, Wiper, Flame and others. The aim of these cyber-attacks was intelligence gathering, the stealing and destruction of sensitive data, and generally attempting to cause disruption within Iran. Once again, tracing the perpetrator of these cyber-attacks was a nearly impossible task. However, the similarity of the attacks to the Stuxnet worm, coupled with aggressive statements made by Israeli and US leadership certainly substantiated Iran’s blame of the two states. From 2012 onwards, Iran also began to retaliate against Israel with its own cyber-attacks, regularly targeting Israeli government officials and attempting to gain access to sensitive data. Iran and Israel remained embroiled in a cyberwar prior to 2020, but these cyber-attacks were mostly covert and rarely caused significant damage or disruption.

Evolution of Iran-Israel Cyberwarfare

Iran-Israel cyberwarfare has significantly intensified since 2020. Not only has the frequency of cyber-attacks greatly increased, but both states now seem more willing to target civilian infrastructure.

In 2020, Israel’s Water Authority was targeted through cyber-attacks aimed at increasing the chlorine level in the water supply to dangerously high levels, with the attack resulting in limited disruptions in the water distribution systems. After a few weeks, the computer systems that regulate maritime traffic at Iran’s Shahid Rajaee port were hit with a cyber-attack, with the resulting disruption lasting for three days. Given that Israel had blamed Iran for the cyber-attack on its Water Authority, this was likely an act of retaliation. In the same year, Iranian nuclear facilities were also hit by multiple alleged cyber-attacks, which Iran was able to thwart without incurring any significant damages. After the cyber-attacks, Iran’s Civil Defence Chief Gholamreza Jalali stated that “responding to cyber-attacks is part of the country’s defence might. If it is proven that our country has been targeted by a cyber-attack, we will respond”.

In 2021, hackers caused chaos at Iranian train stations by posting fake messages about cancellations. Later that year, after a cyber-attack targeting Iran’s gas stations made them unable to accept smartcard payments for 12 days, all 4,300 of Iran’s gas stations were greatly affected. After the cyber-attacks, Iranian President Ebrahim Raisi stated that “there should be serious readiness in the field of cyberwar and related bodies should not allow the enemy to follow their ominous aims to make problem in trend of people’s life”. Although Predatory Sparrow claimed responsibility for both attacks, Iran’s accusation was directed solely towards Israel and the US.

The same year, an alleged cyber-attack caused a blackout at Iran’s Natanz nuclear facility, after which 300 pounds of explosives were smuggled in and detonated. The attack resulted in thousands of nuclear centrifuges being destroyed. US officials proudly stated that it would take at least nine months to resume uranium enrichment at the facility. Iran vowed that it would take “revenge from the Zionists”.

In 2022, there were several cyber-attacks launched on Israeli government websites, which caused Israel to declare a state of emergency. The latest round of cyber-attacks on Iran’s steel companies, also mentioned above, are simply a continuation of the decade long cyberwar between Iran and Israel.


The new wave of Iran-Israel cyberwarfare since 2020 is a worrying development. Both states have increasingly targeted civilian infrastructure, as mentioned above. Those affected most by these cyber-attacks have been the citizens of the two countries. The disruption caused at Iranian ports and gas stations directly impacted the Iranian economy as well as the trust of the Iranian citizens on the effectiveness of the state. Likewise, if the cyber-attack on Israel’s Water Authority had been successful, it would have resulted in direct harm to the lives of Israeli citizens.

Both Iran and Israel seem to view cyberwarfare not as a means of directly defeating the enemy, but more as a tool of both psychological warfare and a means to demonstrate its strength. This is a recipe for disaster in a region as unstable as the Middle East, and could easily lead to the inadvertent escalation of a conflict. If either state perceives a cyber-attack on its critical or civilian infrastructure as an act of war, then it could result in escalation of the conflict and possible military action. The use of proxy states by Iran and Israel also complicates the matter. If a cyber-attack is committed by a non-state actor, but the targeted state attributes the attack to a state, then this could also lead to inadvertent escalation of a conflict.

Ultimately, Iran-Israel cyberwarfare will serve as an example to other states that limited cyber-attacks against adversaries could be a viable alternative to direct confrontation. Cyberwarfare might not cause large-scale damage at the extent seen by conventional or other emerging technologies, but it serves the important purpose of majorly disrupting the enemy’s critical and civilian infrastructure. In the case of Iran and Israel, it seems that neither state is willing to back down from the cyber race, and that we will see the continuation and possible escalation of this cyberwarfare. Whatever the case may be, with the increasing dependency of virtually every industry on computer systems and software, cyberwarfare is certainly here to stay.