Israel thwarts Iranian cyber campaign targeting security personnel
Hackers sought access to cameras and data to enable potential physical attacks.
Israel’s internal security agency, Shin Bet, together with the Israel National Cyber Directorate, has thwarted multiple attempts by Iranian hackers during the current war to collect intelligence on security personnel and defense-related industries, with the aim of enabling physical attacks.
Speaking to reporters on Tuesday, Cyber Directorate chief Yossi Karadi said the campaign has targeted a wide range of individuals and institutions. “We have identified attempts to specifically target security personnel, academia, the defense industry, and even family members of security personnel,” he said.
According to Karadi, attackers have attempted to gain control of surveillance cameras to monitor individuals and gather intelligence. “They are trying, among other things, to take over cameras in order to track people and collect intelligence with the intention of harming them. Fortunately, these efforts have not succeeded,” he said, adding that the Shin Bet is leading an intensive effort to counter such threats.
Since the start of the war, authorities have identified and thwarted 50 cyber incidents involving attempts to hack into public camera systems. “These are not isolated cameras, but broad, systemic attacks,” Karadi said. “The Iranians understand that camera security is often weak, and that access provides a high-quality intelligence tool.”
He acknowledged that some attempts have been successful, with attackers gaining access to a number of cameras. However, he stressed that most of these did not have operational security implications. “In incidents with potential security significance, we have managed to contain the majority of them,” he said.
In parallel, the Cyber Directorate has handled 50 incidents in which attackers penetrated organizational systems and deleted critical data, disrupting operations. This compares with 20 such incidents recorded between the start of Operation Rising Lion and the end of 2025.
“It’s like 50 missile impact sites,” Karadi said. “These are cases where attackers infiltrated an organization’s database, deleted it, and effectively halted operations until systems were restored from backups.” Most of the affected organizations were small businesses, although thousands of similar attack attempts, including against national infrastructure, have been identified.
The Directorate has also issued 525 targeted cyber alerts to organizations deemed at risk since the war began, compared with 2,305 alerts throughout all of 2025 and 518 in 2024.
Phishing activity has also intensified. Authorities have dismantled 3,180 malicious infrastructures used to collect personal and financial information. The average response time has dropped sharply, from 6 hours and 13 minutes at the start of the conflict to just 31 minutes.
“This translates into savings of hundreds of thousands of shekels for the Israeli economy,” Karadi said. “Research shows phishing attacks are most effective in the first minutes after distribution. Our goal is to reduce response times to six minutes to significantly limit their impact.”
Karadi warned that Iran is likely to continue its cyber efforts. “The Iranians are trying to create a perception of success in cyberspace,” he said. “The more vulnerabilities they identify, the more they will exploit them.”
He added that Israeli authorities remain particularly concerned about potential cyberattacks on critical infrastructure, including electricity, water systems, and the financial sector.
