According to a report by Microsoft’s Threat Analysis Center, hackers associated with the Iranian government have been conducting cyber operations to support Hamas and weaken Israel, its political allies, and business partners since the start of the conflict between Hamas and Israel in October 2023. Initially, Iran’s operations were disorganized, indicating a lack of coordination with Hamas. However, over time, the campaign became more successful.
During the first week of the conflict, news sites controlled or affiliated with the Iranian state experienced a 42% increase in traffic growth. Even three weeks after the start of the confrontation, the traffic remained 28% higher than during peacetime. However, many of the attacks in the early days of the conflict were either leaks of old materials, previously obtained network access, or false claims, despite Iran’s initial statements.
Microsoft has tracked the activity of nine groups associated with Iran in Israel during the first week of the conflict. This number increased to 14 groups within two weeks. Additionally, Iran’s influence operations escalated from one operation every two months in 2021 to 11 operations in October 2023.
As the conflict progressed, Iranian hackers expanded their attacks to include Albania, Bahrain, and the USA. They also improved their cooperation, leading to greater specialization and effectiveness. In December 2023, Iran targeted streaming television services by releasing fake news videos using advanced artificial intelligence.
English-speaking countries closely aligned with the United States, such as Great Britain, Canada, Australia, and New Zealand, displayed a noticeable increase in interest in Iranian news sources. This suggests that Iran is capable of influencing Western audiences with its coverage of conflicts in the Middle East.
Iran conducted three phases of cyber operations during the Israel-Hamas situation. These phases ranged from operational and misleading attacks to an expansion of geographical coverage and an increase in the number of attacks on countries perceived as supporting Israel by Iran.
The main objectives of Iran’s cyber operations are to undermine Israel’s influence and that of its supporters on the internet and social networks. Iran aims to create confusion, erode trust, and destabilize by polarizing, seeking revenge, intimidating, and undermining international support for Israel.
Looking to the future, it is expected that Iran will continue to test boundaries, as seen in the attacks on an Israeli hospital and the US water supply system in late 2023. Moreover, the increasing cooperation between different Iranian hackers poses significant threats in 2024, particularly in the context of elections.