Researchers see dramatic escalation in cyberthreats linked to Israel-Iran conflict – Here’s how to prepare for cyberwar.

As expected, there is clear, well-documented evidence of a dramatic escalation in cyberthreats linked to the ongoing Israel-Iran conflict. The surge spans both the frequency and the sophistication of attacks, with direct implications for Israel, Iran, their allies, and potentially United States infrastructure.

Surge in Cyberattacks

In the two days following Israel’s Operation Rising Lion (June 13, 2025), cyberattacks against Israeli targets surged by 700% compared to the period before the operation. These attacks have targeted a broad array of sectors, including government websites, banks, telecommunications, and critical infrastructure such as energy and water utilities. The campaigns have included distributed denial-of-service (DDoS) attacks, intrusion attempts, malware and data theft, ransomware, and destructive wiper malware. Most incidents have been disruptive—slowing or temporarily disabling services—rather than causing permanent destruction, but the scale and coordination are unprecedented.

Actors and Motivations

Iran’s diminished ability to respond militarily has made cyber operations an attractive alternative for retaliation. These attacks are intended not only to disrupt services but also to undermine public confidence and exert psychological pressure, often amplified by coordinated disinformation and influence campaigns using AI-driven botnets and fake social media accounts.

Iranian state-backed groups such as APT34 (OilRig), APT35 (Charming Kitten), APT39 (Remix Kitten), and CyberAv3ngers are leading the charge, often joined by ideologically aligned hacktivist collectives. Over 150 groups have been identified as participating in these cyber campaigns, with more than 100 targeting Israeli infrastructure.

Beyond Israel and Iran

While the majority of attacks have focused on Israel, there is growing concern that Iranian cyber operations could expand to target U.S. critical infrastructure and other Western interests, especially if these nations are perceived as supporting Israel. U.S. infrastructure providers are being urged to harden defenses against both direct intrusions and supply chain attacks. Threat actors have explicitly warned Saudi Arabia and Jordan of potential cyberattacks if they assist Israel, indicating a willingness to broaden the digital battlefield.

How Individuals Should React if Their Country Enters a Cyberwar

If a country enters a cyberwar, individuals face unique challenges and responsibilities. Above all, you must be proactive.

Prioritize Personal Cybersecurity

  • Update Devices and Software: Regularly update operating systems, applications, and antivirus software to patch vulnerabilities that attackers may exploit.
  • Use Strong, Unique Passwords: Create complex passwords for all accounts and consider using a password manager.
  • Enable Two-Factor Authentication: Add an extra layer of security to important accounts, especially email, banking, and social media.
  • Secure Devices: Lock devices with passwords, PINs, or biometrics, and enable remote locking or wiping features in case of loss or theft.
  • Be Cautious Online: Avoid clicking on suspicious links or downloading files from untrusted sources, as these may contain malware or ransomware.

Prepare for Disruptions to Essential Services

  • Backup Critical Data: Regularly back up important documents, photos, and files to secure offline or cloud storage.
  • Keep Emergency Supplies: Store some cash, water, and basic supplies in case ATMs, utilities, or payment systems are temporarily unavailable due to attacks on infrastructure.
  • Have Communication Plans: Plan how to contact loved ones if the internet or mobile networks go down. Consider alternative methods like landlines or predetermined meeting spots.

Stay Informed and Avoid Misinformation

  • Rely on Trusted Sources: Follow official government channels and reputable news outlets for updates on cyber incidents.
  • Be Skeptical of Social Media: Cyberwar often involves disinformation campaigns. Verify information before sharing and be wary of fake news intended to sow confusion or panic.

Exercise Caution Before Participating in Cyber Activities

  • Legal and Ethical Risks: Engaging in offensive cyber operations (e.g., hacking foreign targets) can have serious legal consequences. Civilians who participate in such actions may lose legal protections and become targets themselves.
  • International Humanitarian Law: Civilian hackers risk prosecution and physical or cyber retaliation if they directly participate in hostilities, and their actions may inadvertently harm other civilians or critical infrastructure.
  • Leave Offensive Actions to Authorities: Defensive cybersecurity (protecting your own devices and networks) is encouraged, but offensive actions should be left to authorized government agencies.

Iran IP Address ranges

For reference, below are the major Iranian IP address ranges. Some of the most prominent IP address blocks assigned to Iran include:


Major Iran ISPs and ASN allocations

ASN        Organization Name                                         Number of IPs
AS58224    Iran Telecommunication Company PJS                        ~3,200,000
AS197207   Mobile Communication Company of Iran PLC (MCI)            ~2,280,000
AS44244    Iran Cell Service and Communication Company (Irancell)    ~1,250,000
AS12880    Iran Information Technology Company PJSC                  ~1,060,000
AS57218    Rightel Communication Service Company PJS                 ~430,000