Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa and the Asia Pacific

Microsoft: Iran's Cyberattacks on Israel Exaggerated & Fabricated

Despite claims to the contrary, Iranian cyberattackers have been less strategic and more opportunistic over the last month as the Israel-Hamas war continues.

CCTV cameras mounted on a wall
Source: Zefrog via Alamy Stock Photo

Pro-Iranian hacktivists have made false claims about the strength of cyberattacks made against Israel in the current conflict with Hamas. Meanwhile, the allegations that Iranian state-sponsored attackers conducted pre-planned cyberattacks timed with Hamas' Oct. 7 terror attack on Israel are false.

That's according to Microsoft, which said that any claims of ransomware attacks by the groups "were almost certainly fabricated." For instance, Iranian actors claimed they successfully compromised cameras at a specific Israeli military installation, when it was revealed to be an untargeted compromise of connected webcams that have nothing to do with military targets.

"In reality, the compromised cameras were located at scattered sites outside any one defined region," according to Microsoft's report. "This suggests that despite Iran actors' strategic claims, this camera example was ultimately a case of adversaries continuing to opportunistically discover and compromise vulnerable connected devices and try to reframe this routine work as more impactful in the context of the current conflict."

Microsoft's Threat Intelligence Center also said the success of network attacks have been exaggerated and amplified "via a well-integrated deployment of information operations."

As for the Iranian Ministry of Intelligence and Security (MOIS) or Islamic Revolutionary Guard Corps (IRGC) coordinating any attacks to align with the physical attack on Oct. 7, Microsoft says it never happened. The earliest advanced persistent threat (APT) activity consisted of two separate "destructive attacks targeting infrastructure in Israel" conducted on Oct. 18. Microsoft didn't disclose details on the attacks.

That said, Microsoft Threat Intelligence anticipates that the longer the conflict goes on, the more likely it is Iranian operators will move from a reactive posture to more proactive activities.

About the Author

Dan Raywood, Senior Editor, Dark Reading

With more than 20 years experience of B2B journalism, including 12 years covering cybersecurity, Dan Raywood brings a wealth of experience and information security knowledge to the table. He has covered everything from the rise of APTs, nation-state hackers, and hacktivists, to data breaches and the increase in government regulation to better protect citizens and hold businesses to account. Dan is based in the U.K., and when not working, he spends his time stopping his cats from walking over his keyboard and worrying about the (Tottenham) Spurs’ next match.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights