A Multi-Front War: The Iran-Israel cyber conflict and lessons for India
As the Israeli-Iranian conflict continues to deepen, it has evolved into a cyber war with multiple layers. On one side, there are state-sponsored attacks. On the other, there is hacktivism and advanced information warfare. This cyber front is not a minor issue but an integral part of their rivalry, and its fallout could affect third-party nations, for whom it is both a threat and a lesson.
The escalation: from sabotage to financial warfare
The cyber war between Iran and Israel has followed a distinct evolution in a high-stakes environment. The first-ever digital attempt to cause physical damage was the Stuxnet worm in 2010[1]. This was a joint US and Israeli effort targeting Iran’s uranium enrichment centrifuges, which temporarily put a halt to Iran’s nuclear program. This marked the beginning of a shift from physical sabotage to financial warfare.
In recent years, escalating hostilities in the cyber domain have underscored Israel’s determination to defend its national interests and civilian safety. Facing continuous cyber threats from Iran, many of which have targeted critical Israeli infrastructure, including water facilities, Israel has demonstrated remarkable restraint and precision in its responses. In 2020, Israel purportedly retaliated by launching an attack on the computer systems of Iran’s Shahid Rajaee port[2]. The strike, believed to have been launched in retaliation for an alleged Iranian cyberattack on Israel’s water infrastructure, caused extensive congestion of truck and ship traffic[3]. Later, in 2025, an Israeli hacking group went after Iranian financial institutions. The wiper-style malware used in a recent attack to destroy data at Bank Sepah, one of Iran’s large state-run banks, was attributed to this group[4]. The attack led to service outages and malfunctioning ATMs. The group further asserted that it liquidated about $90 million in cryptocurrency from Iran’s largest cryptocurrency exchange, Nobitex, by sending the funds to ‘burn wallets’ alongside anti-IRGC statements[5].
A War of Hacking and False Narratives
Aside from physical, military, and financial damage, the conflict is also a struggle over critical information and how it is perceived. Both parties employ hacking and advanced forms of information control. It is alleged that hackers supported by Iran penetrated diplomatic networks to conduct surveillance on the negotiations for the Gaza ceasefire in 2025. They gained access to the email of an Omani official, which gave them the opportunity to send malware-laden documents disguised as real emails to Egyptian, American, and Qatari officials[6]. This underscores the use of cyber operations to shape diplomatic outcomes. The ongoing conflict thus provides a stark example of cyber operations and disinformation campaigns that employ disruptive methods against an information ecosystem. Influence campaigns have been launched by both parties on social media. Israelis have been sent fake text messages purporting to be government notifications of false threats, such as a looming fuel shortage[7]. The scale and impact of information warfare have recently been amplified by the use of AI-generated content. The divide between state-sponsored campaigns and hacktivism is non-existent. Both sides employ these methods with political motives to advance their strategic goals.
The strategic imperatives and the lessons for India
The impact of these conflicts extends beyond the immediate participants. Third parties bear the costs of global spillover and must therefore prepare themselves. The conflict makes it overwhelmingly clear that the cyber vulnerabilities of a state, no matter how distant, can be exploited by foreign adversaries. This applies especially to India: as its digital infrastructure expands, the country is susceptible to direct as well as indirect exposure through supply chain risk and narrative amplification. The attacks are part of a wider campaign of hybrid warfare. What is unique about cyberspace attacks is that they can ‘shape and augment the information environment’. For India, this means that the defence plan needs to repel not only technical attacks but also disinformation campaigns designed to create social fault lines and subvert national cohesion. India urgently needs to develop a geopolitical task force to deal with cyber intelligence, ramp up regional cooperation, and invest in cyber literacy and disinformation monitoring. Resilience to this new type of warfare has to be built through proactive and coordinated responses.
Seemingly naïve psychological warfare needs to be treated as a severe form of manipulation. It is used to spread disinformation and sow panic. Psychological warfare is a core element of disinformation campaigns, which seek to influence public perception and behaviour by appealing to emotions and exaggerating fears. It creates a sense of urgency and threat. This tactic was seen in the false text messages sent to Israeli citizens, pretending to be from Israel’s official Home Front Command and warning of immediate threats like fuel shortages or terrorist threats. In another instance, Israel thwarted an Iranian cyberattack that lured veterans with PTSD to a fake mental health support website to steal their personal information[8]. In return, Israel too attempted a state TV hijacking as a symbolic act of cyber warfare. Iranian state television was briefly hijacked during a live broadcast, and viewers saw anti-regime messages on screen, sending a powerful message of psychological propaganda[9].
Beyond this, disinformation campaigns also include operations of inauthentic accounts and bots to amplify certain narratives artificially. The Iran-Israel conflict is a compelling case study, where one observes a surge of such bots, with pro-Iranian groups outnumbering pro-Israeli groups. These groups use DDoS attacks and disinformation to spread their message. The widespread use of AI-generated content in these influence operations significantly compounds the scale and impact of the information warfare. Disinformation campaigns are not just about what is ‘spread’, but also about what is ‘suppressed’. An example of this was Iran imposing a ‘near-total internet blackout’ to deliberately restrict access to information[10].
The conflict also underlines the urgent need for worldwide cooperation and a coherent body of laws on cyber warfare. Legal definitions of a ‘use of force’ and an ‘armed attack’ in the virtual domain are unclear. International law, as in Article 51 of the UN Charter, provides for self-defence in the event of an armed attack[11], but determining that a cyber operation crosses this threshold is highly fraught in the absence of large-scale physical damage or casualties. Secondly, defining state responsibility for attacks emanating from cyberspace is very problematic, given the potential for attacks to originate anywhere, including in third countries. The conflict also underlines the need for worldwide deliberation towards signing a convention on cybercrime involving all the great powers.
We often centre the state when it comes to warfare. However, in the case of cyberattacks, a significant portion of critical infrastructure and digital services is owned and operated by the private sector. The private sector can provide valuable resources and expertise, and collaboration between governments and private entities is crucial for strengthening cyber defences and sharing threat intelligence. It is time to decentralize the process and reduce gatekeeping, so that the best talent pool can be used for comprehensive defence. It is time to incentivize private sector cyber resilience.
Regional cyber diplomacy, as well as Comprehensive Security Incident Response Team (CSIRT) collaboration, needs to become stronger. India is vulnerable to direct as well as indirect exposure because its economy is rapidly digitising and its population is large. Through strengthened international and regional collaboration, India can improve information sharing on threats, align incident responses, and cultivate mutual defence against cross-border attacks. The increased use of recycled information and narrative amplification mechanisms makes establishing a robust ‘National Disinformation Monitoring System’ imperative for India. India needs to invest in systems that detect, analyse, and rebut constructed fictions that can find use in conflict. The targeting of critical sectors in this conflict, such as banks and OT systems, accentuates India’s need to strengthen its own critical sectors to endure similar attacks. A cyber-literate populace is also the first line of defence against phishing, social engineering, and the dissemination of disinformation. The war is no longer fought only on the borders with triggers and bullets, but with every seemingly naïve click.
The author, Srishti Gupta, is a research scholar at the Centre for West Asian Studies, Jawaharlal Nehru University, New Delhi.
References
• [1] BBC News. (2012, December 25). Iran ‘fends off new Stuxnet cyber attack’. https://www.bbc.com/news/world-middle-east-20842113
• [2] Al Jazeera. (2020, May 19). Israel cyberattack caused ‘total disarray’ at Iran port: Report. https://www.aljazeera.com/news/2020/5/19/israel-cyberattack-caused-total-disarray-at-iran-port-report
• [3] ToI Staff. (2020, May 19). 6 facilities said hit in Iran’s cyberattack on Israel’s water system in April. The Times of Israel. https://www.timesofisrael.com/6-facilities-said-hit-in-irans-cyberattack-on-israels-water-system-in-april/
• [4] Kapko, M. (2025, June 17). Iran’s Bank Sepah disrupted by cyberattack claimed by pro-Israel hacktivist group. CyberScoop. https://cyberscoop.com/iran-bank-sepah-cyberattack/
• [5] Hackers attack Iran’s largest crypto exchange, destroying $90 million. (2025, June 18). NBC News. https://www.nbcnews.com/world/middle-east/hackers-attack-irans-largest-crypto-exchange-destroying-90-million-rcna213920
• [6] Express Web Desk. (2025, August 30). Iran-backed hackers disrupted Gaza ceasefire negotiations, says Israeli cybersecurity firm. The Indian Express. https://indianexpress.com/article/world/iran-hackers-disrupted-gaza-ceasefire-negotiations-cybersecurity-firm-10219429/
• [7] Jerusalem Post Staff. (2025, June 16). Israelis receive fake terror attack warning to trick them into staying out of bomb shelters. The Jerusalem Post. https://www.jpost.com/israel-news/article-857969
• [8] Wullman, I. (2025, August). Iran tries to lure IDF veterans with fake PTSD support site in cyber-attack foiled by Israel. Ynetnews. https://www.ynetnews.com/tech-and-digital/article/rkpnxkytxe
• [9] Jerusalem Post Staff. (2025, June 16). Israelis receive fake terror attack warning to trick them into staying out of bomb shelters. The Jerusalem Post. https://www.jpost.com/israel-news/article-857969
• [10] TOI Tech Desk. (2025, June 21). Iran shuts down internet, ‘goes for near Blackout’ as conflict with Israel deepens. The Times of India. https://timesofindia.indiatimes.com/technology/tech-news/iran-shuts-down-internet-goes-for-near-blackout-as-conflict-with-israel-deepens/articleshow/121924528.cms
• [11] United Nations, Office of Legal Affairs, Codification Division. (n.d.). Chapter VII: Article 51 — Charter of the United Nations. Repertory of Practice of United Nations Organs. https://legal.un.org/repertory/art51.shtml