As kinetic conflict continues to unfold between Israel and Iran, a parallel battle is raging in cyberspace—one that is disrupting financial systems, wiping out crypto holdings, hijacking broadcast channels, and even triggering a near-total internet shutdown. The escalation marks one of the most comprehensive campaigns of cyber warfare in recent memory.
A pro‑Israel hacktivist group known as Predatory Sparrow ("Gonjeshke Darande") has claimed responsibility for a string of disruptive attacks on key Iranian institutions.
Bank Sepah, one of Iran's oldest and most strategically essential banks, suffered major outages across its ATMs and online services on June 17th. The attackers claim they deleted data, exfiltrated internal documents, and destroyed backups to inflict maximum disruption.
On June 18th, the same group drained and "burned" more than $90 million in cryptocurrency from Nobitex, Iran's largest crypto exchange. Blockchain analytics firms confirmed that the stolen funds were not moved or laundered, but deliberately rendered inaccessible, indicating political rather than financial motivation.
As cyberattacks intensified, the Iranian government took the drastic step of cutting internet access across the country, beginning June 18th and extending into June 19th. Monitoring firm NetBlocks reported that Iran's connectivity dropped by more than 97%, effectively severing millions of citizens and businesses from the global internet.
This tactic, often reserved for election unrest or protests, appears to be a defensive measure aimed at impeding further cyber intrusions—and perhaps controlling the narrative as digital and kinetic attacks converge.
Adding to the disruption, reports surfaced on June 19th that Predatory Sparrow—or an affiliated group—infiltrated Iran's state broadcast systems, hijacking live television feeds to display protest imagery and anti-regime messages. The digital defacement was brief but symbolically powerful, undermining state control of official media during a period of heightened national tension.
On the same day, major U.S. cybersecurity groups—including the IT‑ISAC and Food & Ag‑ISAC—issued advisories warning that Iranian-affiliated threat actors may retaliate globally, targeting American companies across sectors like energy, finance, healthcare, and logistics. The alerts urge CISOs to elevate monitoring and reinforce incident response protocols in light of heightened geopolitical risk.
The Israel–Iran cyber conflict has been simmering for years, reaching public awareness during operations like Stuxnet and subsequent cyber retaliation campaigns. But this moment represents a turning point, with public-facing, destructive attacks becoming tools of psychological and economic warfare.
John Hultquist, Chief Analyst at Google's Threat Intelligence Group, commented on LinkedIn: "We expect Iranian cyber threat actors to rededicate themselves to attacks against Israeli targets in light of the recent military actions.... Iranian cyber activity has not been as extensive outside of the Middle East but could shift.... New activity may threaten privately owned critical infrastructure, or even private individuals."
He emphasized that while many operations have limited technical success, their true power lies in their ability to create psychological disruption. "The goal of many of these operations is psychological rather than practical, and it is important not to overestimate their impact," Hultquist wrote.
The convergence of attacks on finance, broadcast media, and internet infrastructure suggests a coordinated campaign to weaken Iran's social, economic, and communication pillars—and sets a precedent for modern conflict where cyberspace is treated as a coequal domain of war.
[RELATED: Cyberattack on Iranian Steel Industry Disrupts Operations]
1. Monitor for Iranian and Israeli TTPs
Stay alert for tools, techniques, and procedures (TTPs) associated with known threat groups like Predatory Sparrow, APT34 (OilRig), and other Iran-linked actors. Update detection rules for wipers, destructive malware, and insider reconnaissance.
2. Prepare for collateral impact
Even if your organization is not directly connected to the conflict, global businesses may suffer supply chain delays, DDoS attacks, or phishing campaigns as cover for espionage or disruption.
3. Harden financial and cloud infrastructure
This conflict has already demonstrated the vulnerability of fintech, crypto platforms, and core banking systems. Ensure segmentation, disaster recovery planning, and anomaly detection are active and validated.
4. Simulate degraded connectivity
Iran's internet shutdown shows how a government might "air-gap" its infrastructure in real time. U.S. firms with international operations should simulate regional internet loss to assess resilience.
5. Watch for disinformation and media targeting
State broadcasters were compromised, raising concerns about future campaigns targeting media networks, SCADA-connected systems, or public trust channels. Prepare for attacks that go beyond data, targeting perception and morale.
The cyber domain is no longer a silent shadow of geopolitical conflict—it's now a loud, visible, and destructive front in its own right. The evolving cyberwar between Israel and Iran shows how fast digital warfare can scale, how strategic its targets can be, and how global its implications may become.
This is not just a Middle East issue. It's a call to action for every CISO watching the horizon.
[RELATED: Cyber Powers: Ranking the Top 30 Nations by Capabilities, Intent]
Follow SecureWorld News for more stories related to cybersecurity.