Newsletter
Newsletter Support JNS

Microsoft: Iranian cyberattacks on Israel have soared since Oct. 7

The attacks and “influence operations” have grown in number, sophistication and geographic scope since the start of the war, according to Microsoft’s Threat Analysis Center.

Hacking, Internet, Data, Cyber Security
Data graphic. Credit: Pixabay.

Iran’s online disinformation activities and cyber attacks on Israel have risen dramatically since Oct. 7, according to a Microsoft report released on Monday.

“Iran’s activity quickly grew from nine Microsoft-tracked groups active in Israel during the first week of the war to 14 two weeks into the war. Cyber-enabled influence operations went from roughly one operation every other month in 2021 to 11 in October 2023 alone,” wrote Clint Watts, general manager of Microsoft’s Threat Analysis Center.

“As the war progressed, Iranian actors expanded their geographic scope to include attacks on Albania, Bahrain and the USA. They also increased their collaboration, enabling greater specialization and effectiveness,” Watts continued.

These cyberattacks grew “increasingly targeted and destructive” and so-called influence operation campaigns “increasingly sophisticated and inauthentic,” involving networks of social-media “sockpuppet” accounts, according to the report.

The campaign was successful, wrote Watts, noting a 42% increase in traffic to Iranian news sites from the United States, Britain, Canada, Australia and New Zealand during the first month of the war. That level has dropped somewhat, but Western traffic to Iranian media sites remains 28% above pre-war levels, he noted.

Iran’s efforts were aimed to “undermine Israel and its supporters across the internet and social media, causing general confusion and a loss of trust,” he said. Tehran’s four-pronged approach includes exacerbating domestic political and social rifts in target countries, cyberattacks against Israeli infrastructure in “retaliation” for the war in Gaza, intimidating Israeli supporters and their families and undermining international support for Israel.

The report highlighted a new Iranian trend of hackers masquerading as Israelis.

“In one recent operation, ‘Tears of War,’ Iranian operatives convinced Israelis to hang branded ‘Tears of War’ banners using AI-generated images in Israeli neighborhoods, based on Israeli press reporting,” the report said.

The report also raises concern about increased collaboration between various Iran-affiliated hacker groups. This “allows each group to contribute existing capabilities and removes the need for a single group to develop a full spectrum of tooling or tradecraft,” said Watts.

The findings raise troubling concerns for the future, especially with the prospect of similar influence campaigns to disrupt the U.S. presidential elections, he added.

“Amid the rising potential of a widening war, we expect Iranian influence operations and cyberattacks will continue to be more targeted, more collaborative and more destructive as the Israel-Hamas conflict drags on. Iran will continue to test redlines, as they have done with an attack on an Israeli hospital and U.S. water systems in late November,” the report stressed.

“The increased collaboration we have observed between different Iranian threat actors will pose greater threats in 2024 for election defenders who can no longer take solace in only tracking a few groups. Rather, a growing number of access agents, influence groups, and cyber actors makes for a more complex and intertwined threat environment.”

With Lt. Gov. Sara Rodriguez suspending her campaign, state Rep. Francesca Hong, a Democratic Socialists of America member with a record of anti-Israel activism, and former Lt. Gov. Mandela Barnes have emerged as the Democratic Party’s leading candidates ahead of the Aug. 11 primary.
Rep. Jake Auchincloss accused President Trump and Prime Minister Netanyahu of breaking the compact underlying U.S. military assistance to Israel by launching the war against Iran.
“I want to maintain the dialogue and the conversation, because I think they need to work harder to try to figure out how to get more friends instead of creating more enemies,” the Washington Democrat said.
“The rules that they’ve been using to build these data centers were not intended for these kinds of data centers,” David Greenfield, of Met Council, told JNS. “Now they’re happening very frequently, and they’re having unintended consequences.”
She helped turn JINSA into the “very significant face of the American Jewish community to the US military,” the JNS publisher said.
The 15 still appear on the AIPAC website in a section about candidates it supports, but users are no longer offered links with which to donate to the candidates.