As Israelis scrambled for bomb shelters during a recent Iranian missile strike, some Android users received texts offering a link to real-time shelter information. The link didn’t lead to a helpful app — it downloaded spyware, giving attackers access to the device’s camera, location, and all stored data. Security researchers attributed the operation to Iran, and it illustrated something broader: cyberattacks are no longer a backdrop to conventional conflict. They’re woven into it.
Gil Messing, chief of staff at Check Point Research, called the timing of the texts unprecedented. “This was sent to people while they were running to shelters to defend themselves,” he said. “The fact it’s synced and at the same minute … is a first.” The combination of a physical missile strike and a simultaneous digital trap marked a new level of coordination between Iran’s conventional and cyber capabilities.
High Volume, Low Impact — For Now
Investigators at Utah-based security firm DigiCert have tracked close to 5,800 cyberattacks linked to the conflict, mounted by roughly 50 different Iran-affiliated groups. Most targeted U.S. and Israeli organizations, though attacks on networks in Bahrain, Kuwait, Qatar, and other regional countries have also been recorded.
The majority of these attacks haven’t caused severe damage to military or economic infrastructure — but they’ve forced companies to patch vulnerabilities quickly and devote significant resources to defense even when attacks fail. “There are a lot more attacks happening that aren’t being reported,” said Michael Smith, DigiCert’s field chief technology officer.
Many operations appear designed more for psychological effect than material disruption. A pro-Iranian hacking group recently claimed to have infiltrated an account belonging to FBI Director Kash Patel, posting what appeared to be years-old personal documents and photographs. The breach was splashy but contained little of operational value — consistent with a broader pattern of attacks meant to signal reach and undermine confidence rather than damage critical systems.
Smith described these high-volume, low-impact campaigns as “a way of telling people in other countries that you can still reach out and touch them even though they’re on a different continent. That makes them more of an intimidation tactic.”
Health Care and Critical Infrastructure in the Crosshairs
Not all of the attacks have been low-stakes. Iran-linked hackers claimed responsibility for breaching Stryker, a Michigan-based medical technology company, framing it as retaliation for alleged U.S. military actions. Separately, cybersecurity firm Halcyon documented a ransomware attack on an unnamed health care organization using tools that U.S. authorities have previously linked to Iran. The attackers never issued a ransom demand — suggesting the goal was destruction and disruption rather than financial gain.
“This suggests a deliberate focus on the medical sector rather than targets of opportunity,” said Cynthia Kaiser, senior vice president at Halcyon. “As this conflict continues, we should expect that targeting to intensify.”
Security analysts warn that Iran’s most likely future targets include supply chains supporting the war effort, critical infrastructure such as ports, rail networks, water treatment facilities, and hospitals — the weakest links in the broader system. Data centers, now vital to both military communications and the civilian economy, have also been targeted with both cyber and conventional means.
AI Is Accelerating Both Attack and Defense
Artificial intelligence is playing a growing role on both sides of the conflict. For attackers, it enables higher volumes of activity and automates portions of the intrusion process, lowering the skill floor for launching sophisticated-looking attacks. For defenders, it speeds up threat detection and response.
Director of National Intelligence Tulsi Gabbard recently told Congress that AI “will increasingly shape cyber operations with both cyber operators and defenders using these tools to improve their speed and effectiveness.”
AI has also fueled a disinformation dimension to the conflict. Fabricated images of atrocities and staged battlefield victories have circulated widely, with one deepfake image of sunken U.S. warships reportedly accumulating over 100 million views. Iranian state media has gone further — labeling authentic war footage as fake while substituting doctored images, according to research by disinformation tracking firm NewsGuard.
The U.S. has responded institutionally. The State Department opened a Bureau of Emerging Threats focused on new technologies and their potential use against American interests, joining parallel efforts already underway at the Cybersecurity and Infrastructure Security Agency and the National Security Agency. Experts say the cyber dimension of the conflict is unlikely to stop even if a ceasefire is reached — digital operations are cheaper, less risky, and harder to attribute than conventional ones, making them an enduring tool of pressure regardless of battlefield conditions.