Israeli Official Reports Sharp Rise in Iranian Cyberattacks in 2026

Key Takeaways

• Israeli cyber authorities recorded roughly 4,800 hostile cyber incidents in June 2026, triple the number reported in June 2025.
• Yossi Karadi, director general of Israel’s National Cyber Directorate, warned that the increase is linked to the U.S.-Israeli military offensive against Iran and that some attacking groups are highly sophisticated.
• Unlike kinetic warfare, there is no “ceasefire” in cyberspace; attacks continue relentlessly regardless of battlefield developments.
• Iranian‑linked cyber operations have targeted critical infrastructure, government institutions, small‑ and medium‑sized businesses, law firms, accounting firms, and individual citizens.
• While Israel has so far thwarted attacks on its most vital systems, organizations with weaker cyber defenses have suffered severe disruptions, including the destruction of computer systems.
• Iran publicly denies conducting cyberattacks abroad, often claiming it is itself a victim of foreign cyber operations.
• The escalation highlights the growing role of cyber tools in regional conflicts and underscores the need for stronger defensive measures, international norms, and cooperative threat‑intelligence sharing.

Introduction to the Rise in Iranian Cyber Activity
Reuters recently reported a sharp uptick in cyberattacks originating from Iran and directed at Israel, a trend that coincides with the launch of the U.S.-Israeli military offensive against Iran earlier this year. Citing Israel’s top cyber security official, the news agency noted that hostile cyber incidents recorded by Israeli authorities jumped from about 1,600 in June 2025 to roughly 4,800 in June 2026—a nearly threefold increase. This surge suggests that Tehran is leveraging its cyber capabilities as a complementary front to conventional military pressure, attempting to impose costs on Israeli society and infrastructure while avoiding direct kinetic confrontation.

Statement from Israel’s National Cyber Directorate Director General
Yossi Karadi, director general of Israel’s National Cyber Directorate, spoke to the German newspaper Die Welt about the evolving threat landscape. He emphasized that the recent spike in cyber activity is not random but appears to be correlated with the ongoing U.S.-Israeli operations against Iran. Karadi cautioned that several of the groups responsible for the attacks demonstrate a high level of technical sophistication, employing advanced malware, zero‑day exploits, and coordinated multi‑vector campaigns that warrant serious attention from both defensive and policymaking communities.

Comparison of Cyber Incident Numbers June 2026 vs. June 2025
The quantitative jump from 1,600 incidents in June 2025 to 4,800 in June 2026 provides a concrete metric of the escalation. Analysts note that the increase cannot be explained solely by natural growth in cyber threat volume; instead, it aligns temporally with the intensification of kinetic hostilities. The data suggest that Iranian cyber units have scaled up their operational tempo, possibly activating additional teams, reallocating resources, or leveraging newly developed tools to maximize impact during a period of heightened geopolitical tension.

Nature and Sophistication of the Attacking Groups
Karadi stressed that some of the actors behind the recent campaigns are “highly sophisticated” and should be taken seriously. This characterization implies the use of custom‑built malware, supply‑chain compromises, and perhaps even artificial‑intelligence‑driven reconnaissance to identify vulnerabilities. Such groups often operate under the auspices of Iran’s Islamic Revolutionary Guard Corps (IRGC) cyber division or affiliated proxy hacker collectives, enabling them to persistently probe Israeli networks, exfiltrate sensitive data, and deploy ransomware or wiper malware designed to cripple operations.

Cyber Conflict Has No Ceasefire
In a striking remark, Karadi observed, “Unlike in the kinetic realm, there’s no ceasefire in cyberspace.” This statement captures a fundamental asymmetry between traditional warfare and cyber conflict: while battles may pause for diplomatic negotiations or humanitarian truces, malicious cyber activity can continue unabated, exploiting the constant connectivity of modern societies. Consequently, Israeli defenders must maintain a perpetual state of readiness, monitoring networks around the clock and updating defenses even when frontline hostilities appear to de‑escalate.

Targets of the Iranian Cyber Campaign
The scope of the Iranian‑linked attacks is broad, reflecting a strategy aimed at exerting pressure across multiple sectors of Israeli society. Critical infrastructure—such as power grids, water treatment facilities, and telecommunications networks—has been a primary focus, given its potential to cause widespread disruption. Government institutions, including ministries and municipal services, have also been targeted to undermine administrative functions. Beyond these high‑value targets, small and medium‑sized enterprises, law firms, accounting firms, and ordinary citizens have reported phishing attempts, credential‑theft campaigns, and ransomware infections, indicating a deliberate effort to create pervasive insecurity and economic strain.

Impact on Organizations with Weaker Defenses
While Israel’s national cyber defenses have managed to block many attempts aimed at critical assets, organizations lacking robust cybersecurity posture have borne the brunt of the assault. Karadi noted that some victims have experienced “severe disruptions, including the destruction of computer systems.” Such outcomes can result from wiper malware that overwrites data, ransomware that encrypts essential files, or distributed denial‑of‑service (DDoS) attacks that cripple online services. The fallout includes financial losses, reputational damage, and, in some cases, the temporary cessation of business operations, underscoring the importance of baseline cyber hygiene for all entities, regardless of size.

Successes in Defending Critical Infrastructure
Despite the aggressive nature of the Iranian campaign, Israeli authorities have reported success in safeguarding the nation’s most vital systems. Through a combination of real‑time threat intelligence sharing among military, intelligence, and civilian cyber units, and the deployment of advanced intrusion‑prevention technologies, Israel has managed to thwart attempts that could have led to catastrophic failures in electricity supply, water treatment, or communications. This defensive achievement highlights the effectiveness of a layered, coordinated approach to national cyber resilience, even as adversaries continue to refine their tactics.

Iran’s Official Stance and Counterclaims
In line with its longstanding position, Iran has publicly denied responsibility for the cyberattacks against Israel, maintaining that it does not engage in offensive cyber operations abroad. Instead, Tehran frequently asserts that it is itself a target of foreign cyber campaigns, often attributing such activities to Israel, the United States, or other Western nations. This narrative serves both to deflect blame and to rally domestic support by portraying Iran as a victim of external aggression, a common tactic in the information‑warfare dimension of the conflict.

Broader Implications for Regional Cybersecurity and International Norms
The escalation of Iranian‑origin cyber activity against Israel carries wider ramifications for the Middle East and the international community. It demonstrates how cyber tools are increasingly integrated into hybrid warfare strategies, blurring the lines between peacetime espionage and wartime aggression. The trend raises urgent questions about the adequacy of existing international norms governing state behavior in cyberspace, the effectiveness of attribution mechanisms, and the need for confidence‑building measures to prevent miscalculation. Moreover, it signals to other nations that investing in offensive cyber capabilities can yield strategic leverage, potentially spurring an arms race in the digital domain.

Recommendations for Enhancing Cyber Resilience
To counter the evolving threat, Israel—and other nations facing similar risks—should consider several steps:

1. Expand Public‑Private Partnerships: Encourage sharing of threat intelligence and best practices between government agencies and private sector operators, especially in critical infrastructure.
2. Mandate Baseline Cyber Hygiene: Implement regulations requiring regular patching, multi‑factor authentication, and employee cybersecurity awareness training for all organizations, irrespective of size.
3. Invest in Advanced Detection Technologies: Deploy AI‑driven anomaly detection and behavioral analytics to identify zero‑day exploits and sophisticated multi‑stage attacks early.
4. Develop Offensive Deterrence Capabilities: Maintain credible cyber counter‑strike options that can dissuade adversaries from launching large‑scale campaigns.
5. Promote International Norm Advocacy: Engage in diplomatic forums to advocate for clear rules prohibiting attacks on civilian critical infrastructure and to establish mechanisms for accountability and restitution.

By adopting a comprehensive strategy that blends defensive hardening, proactive threat hunting, and international cooperation, Israel can better safeguard its digital assets while contributing to a more stable and secure global cyberspace.