Iran-linked hackers open low-cost digital front as US-Israeli attacks mount

Mar 29, 2026· English· 南华早报

A plume of smoke rises from the site of a strike in Tehran, Iran, on Saturday.

Photo: Xinhua As they fled an Iranian missile strike, some Israelis with Android phones received a text offering a link to real-time information about bomb shelters.

But instead of a helpful app, the link downloaded spyware giving hackers access to the device’s camera, location and all its data.

The operation, attributed to Iran, showed sophisticated coordination and is just the latest tactic in a cyber conflict that pits the US and Israel against Iran and its digital proxies.

As Iran and its supporters seek to use their cyber capabilities to compensate for their military disadvantages, they are showing how disinformation, artificial intelligence and hacking are now ingrained in modern warfare.

The bogus texts received recently appeared to be timed to coincide with the missile strikes, representing a novel combination of digital and physical attacks, said Gil Messing, chief of staff at Check Point Research, a cybersecurity firm with offices in Israel and the US. “This was sent to people while they were running to shelters to defend themselves,” Messing said. “The fact it’s synced and at the same minute … is a first.” The digital fight is likely to persist even if a ceasefire is reached, experts said, because it is a lot easier and cheaper than conventional conflict and because it is designed not to kill or conquer, but to spy, steal and frighten.

While high in volume, most of the cyberattacks linked to the war have been relatively minor when it comes to damage to economic or military networks.

But they have put many US and Israeli companies on the defensive, forcing them to quickly patch old security weaknesses.

Investigators at the Utah-based security firm DigiCert have tracked nearly 5,800 cyberattacks so far mounted by nearly 50 different groups tied to Iran.

While most of the attacks targeted US or Israeli companies, DigiCert also found attacks on networks in Bahrain, Kuwait, Qatar and other countries in the region.

Many of the attacks are easily thwarted by the latest cybersecurity precautions.

But they can inflict serious damage on organisations with out-of-date security and impose a demand on resources even when unsuccessful.

Then there is the psychological impact on companies that may do business with the military. “There are a lot more attacks happening that aren’t being reported,” said Michael Smith, DigiCert’s field chief technology officer.

A pro-Iranian

原文链接: 南华早报