Key Takeaways
- Iranian cyberattacks against Israel have surged since the joint US‑Israeli offensive against Iran began, rising from roughly 1,600 hostile incidents in June 2025 to about 4,800 in June 2026.
- The strikes target a wide spectrum: critical infrastructure, government bodies, small‑to‑medium enterprises, law firms, accounting practices, and the general public.
- Israel reports that its defenses have so far thwarted attacks on vital infrastructure, while less‑protected entities have suffered system wipes or data loss.
- Iranian officials continue to deny responsibility for overseas hacking campaigns, even as Israel warns of a sophisticated, ongoing effort aimed at officials, academics, and media figures.
- Israel’s National Cyber Directorate (INCD) stresses the need for both strong offensive capabilities and robust defense, highlighting deep cooperation with the United States and a new permanent cyber liaison agreement with Germany.
Introduction and Context
Since the launch of the US‑Israeli offensive against Iran earlier this year, Israeli cybersecurity officials have observed a sharp escalation in hostile cyber activity originating from Iran. Yossi Karadi, Director General of Israel’s National Cyber Directorate (INCD), told the German newspaper Die Welt that the increase is directly linked to the heightened kinetic tensions between the two nations. He emphasized that, unlike traditional warfare, cyberspace offers no ceasefire, requiring constant vigilance and rapid response from Israeli defenders.
Statistical Surge in Hostile Incidents
Karadi provided concrete figures to illustrate the trend. In June 2025, Israeli authorities logged approximately 1,600 hostile cyber incidents. By June 2026, that number had climbed to around 4,800 incidents—a three‑fold increase within a single year. The jump underscores both the growing sophistication of Iranian cyber actors and the expanding scope of their operations against Israeli targets.
Broad Range of Targets
According to Karadi, the attacks are not confined to a single sector. They have been directed at systems supporting Israel’s critical infrastructure, central governmental organizations, small‑to‑medium‑sized enterprises, and the broader public. Notably, law practices and accounting firms—often perceived as softer targets—have been repeatedly hit, illustrating the attackers’ willingness to exploit any vulnerable point in the national digital ecosystem.
Defensive Successes and Vulnerabilities
While the overall volume of attacks has risen, Israel reports success in protecting its most vital assets. Karadi stated that, “so far—and hopefully it stays that way—we’ve managed to fend off attacks on critical infrastructure.” In contrast, entities with weaker cyber defenses have frequently suffered severe consequences, including complete system wipes that erase data and disrupt operations. This dichotomy highlights the importance of bolstering cyber hygiene across all sectors, not just the most critical ones.
Iran’s Official Stance
Consistent with its usual approach, Iran continues to deny carrying out hacking campaigns against other countries while simultaneously reporting cyber incidents aimed at itself. This pattern of denial complicates attribution efforts and underscores the challenge of confronting state‑sponsored cyber threats that operate under a veil of plausible deniability.
Warnings from INCD and Shin Bet
In February, the INCD together with Israel’s internal security agency, the Shin Bet, issued a public update warning that since mid‑2025 there has been a campaign of hundreds of highly sophisticated cyber attacks targeting Israeli government officials, security personnel, academics, and media figures. The alert stressed that these operations are not random but part of a deliberate effort to gather intelligence, spread disinformation, and potentially destabilize key societal institutions.
Israel’s Dual Focus on Offense and Defense
Karadi reiterated that Israel is striving to develop “both the best cyber offense and defense.” He argued that a strong offensive capability deters adversaries and provides leverage, while a resilient defense safeguards national interests. Achieving this balance, he noted, requires substantial investment in talent, technology, and international collaboration.
United States‑Israel Cooperation
The partnership with the United States remains a cornerstone of Israel’s cyber strategy. Karadi described the cooperation as “still excellent,” highlighting joint training, intelligence sharing, and coordinated response mechanisms. He recalled personal meetings with U.S. counterparts that yielded “excellent results,” reinforcing the notion that the alliance is both deepening and yielding tangible benefits in the cyber domain.
New Cyber Liaison Agreement with Germany
Expanding its cooperative network, Israel recently signed an agreement to station a permanent cyber liaison in Germany. This move aims to enhance real‑time information exchange, align threat‑intelligence feeds, and facilitate rapid coordinated responses to cross‑border cyber incidents. Karadi framed the arrangement as part of a broader effort to work “very well with everyone,” underscoring Israel’s commitment to multilateral cybersecurity collaboration.
Broader Implications and Conclusion
The sharp rise in Iranian cyberattacks reflects the growing salience of cyberspace as a theater of state competition. While Israel has managed to shield its most critical systems, the escalating volume and sophistication of threats demand continuous improvement in defensive posture, offensive readiness, and international partnerships. The warnings from INCD and Shin Bet serve as a reminder that cyber threats now reach into the realms of governance, academia, and media—areas essential to democratic resilience. By strengthening ties with the United States, establishing a permanent presence in Germany, and fostering a culture of cyber vigilance across all sectors, Israel aims to stay ahead of an adversary that shows no sign of relenting in the digital arena. Ultimately, the experience underscores a universal lesson: in modern conflict, cyber defenses must be as agile and robust as their kinetic counterparts, and cooperation across borders is indispensable for maintaining security in an interconnected world.