Part 1: The Iran-Israel Cyber Standoff - The Hacktivist Front
Between June 12–18, 2025, over 35 pro-Iranian hacktivist groups launched coordinated cyberattacks against Israeli military, government, and infrastructure targets, using DDoS, data leaks, and disinformation. Only 4–5 pro-Israel groups responded. These unsophisticated yet widespread attacks continue a year-long trend of exaggeration and recycled data. CloudSEK recommends urgent DDoS mitigation, multi-factor authentication, threat monitoring, and stronger incident response protocols.
The Iran-Israel conflict experienced a significant escalation in cyber hacktivist activity between June 12-18, 2025, with over 35 distinct pro-Iranian groups launching coordinated attacks against Israeli infrastructure compared to only 4-5 identified pro-Israeli groups responding. This week-long surge follows the same tactical patterns observed throughout the broader June 2024-June 2025 period, demonstrating that hacktivist groups have not evolved their methodologies despite a full year of operations. The attacks predominantly consisted of DDoS assaults, website defacements, and claimed data breaches targeting government sites, military systems, and critical infrastructure, mirroring the unsophisticated approach used consistently over the past year. Most significantly, these recent attacks maintain the same pattern of exaggeration and disinformation that has characterized the broader hacktivist ecosystem, with groups continuing to take credit for unrelated service outages, recycle old data leaks, and inflate damage claims for media attention rather than achieving substantial operational impact.
Pro-Israel vs Pro-Iran Cyber Attacks
Pro-Iran Groups and Attacks
Group Name
Primary Attack
Targeted Entities
HackYourMom
Data breach/Credential leak
Multiple FTP and website systems
Liwa Muhammad ﷺ
DDoS attacks, Missile strike claims
Israeli Ministry of Defense, Unit 8200, Camero-Tech
Israeli government sites, educational institutions
Dark Storm Team
Website monitoring/targeting
Israeli government ministries
Cyber Fattah team
Cyberattacks, Information warfare
Israeli infrastructure
TEAM FEARLES
DDoS attacks
Israeli government website
Anonymous groups
DDoS, Website defacement
Various Israeli sites
Nation Of Saviors
DDoS attacks
Israeli government website
Red Wolf Cyber
Infrastructure attacks
Israeli Ministry of Defense
SYLHET GANG-SG
Service disruption
Tzofar Red Alert app, radio stations
DieNet
Data breach, Service disruption
Israel Antiquities Authority, radio stations
Laneh/Team Nest
Infrastructure attacks
Israeli energy infrastructure
APT IRAN
Data exfiltration, Ransomware
Israeli academic/government systems
Unified Islamic Cyber Resistance
ICS attacks
YBS (electric vehicle fleet management)
EvilMorocco
Data theft
757 GB Israeli infrastructure data
BD Anonymous
Data collection, Doxxing
Netanyahu personal info, Israeli data
Team 1722
Agency compromise
Israeli/US agencies
Islamic Hacker Army
System breach
IDF defense research computers
RootSec
Account hijacking
Israeli Instagram accounts
MadCapZone
Alert system attack
Tzofar system
Fatah cyber team
Infrastructure attacks
Israeli systems
Lebanese groups
DDoS attacks
Camero-Tech radar systems
Handala Hack
Data breach
Israeli military systems, Delek Group
Arabian Ghosts
DDoS attacks
Bank of Israel, Barzilai Medical Center
TwoNet
DDoS, Data dumps
Israeli defense/tech companies
Fatimion Cyber Team
Government system attacks
Israeli Air Force, government sites
REVOLUSI HIME666
Data breach
aurion-hosting.co.il
R3V0XAn0nymous
Website attacks
BNP Paribas Israel, Ministry of Education
INTEID
Multi-sector attacks
Israeli news, telecom, medical orgs
Pro-Israel Groups and Attacks
Group Name
Primary Attack
Targeted Entities
Syrian Electronic Army
Data breach, Infrastructure targeting
Iranian tech companies, nuclear facilities claims
Anonymous OpIran
Unspecified attacks
Iranian entities, IRGC facilities
Israeli hackers (via proxies)
Cyberattacks
Palestinian movements, solidarity groups
Predatory Sparrow
Defensive operations
Thwarted Iranian phone battery attack
Unattributed Israeli operations
Infrastructure attacks
Iranian nuclear sites, military facilities
Attack Statistics Summary
Category
Number of Groups
Primary Methods
Pro-Iran Groups
35+ distinct groups
DDoS (most common), Data breaches, Ransomware, ICS attacks, Service disruption
Pro-Israel Groups
4–5 identified groups
Infrastructure targeting, Data breaches, Defensive operations
Key Observations
Attack Sophistication:
Pro-Iran groups: Mix of simple DDoS to complex ICS attacks
Pro-Israel groups: More targeted infrastructure operations
Geographic Distribution:
Anti-Israel groups: Iran, Palestine, Indonesia, Lebanon, Yemen, international Anonymous affiliates
Pro-Israel groups: Less geographically diverse
Target Selection:
Anti-Israel: Government sites, military systems, critical infrastructure, civilian services
Pro-Israel: Nuclear facilities, military infrastructure, tech companies
This analysis is based on the claims made in the hacktivist groups and does not verify the accuracy or success of these claimed attacks.
Hacktivist Campaigns (Jun 2024–Jun 2025)
Target Scope:
Attacks escalated against government bodies, election infrastructure, critical services, and high-visibility digital platforms.
Geopolitical focus:
Pro-Russian groups hit the EU (parliamentary elections) and UK (general election).
Pro-Palestinian/Islamist groups targeted Israel and India in response to military actions.
American and European assets frequently targeted for ideological or retaliatory reasons.
Motivations:
Driven by real-world events, arrests, or perceived injustices.
Examples:
Surge in attacks post Pahalgam terror incident (India) and Israel-Iran strikes (June 2025).
Justifications often rooted in nationalism, anti-Western sentiment, or religious causes (e.g., #FreeDurov, Operation Sindoor).
Tactics Used:
Predominantly DDoS, website defacement, and basic data leaks.
Data usually sourced from compromised credentials or misconfigured systems.
Notable groups like RipperSec and Mr_Hamza used combined takedown + defacement strategies.
Rise in multi-vector DDoS and short-lived data leaks, though most remain technically basic.
Narrative Manipulation & Attribution Issues:
Frequent exaggeration or fabrication of "breaches."
Groups often:
Claim credit for unrelated outages.
Reuse or repackage old leaks.
Inflate impact for media attention.
Attribution is murky due to shared handles, recycled themes, and cross-group narratives.
Some consistency is observed in groups like NoName057(16) and DieNet, but much of the scene is driven by theatrics.
Recommendations
Based on this analysis, immediate security measures should include:
Implement robust DDoS protection across government and critical infrastructure websites, including rate limiting, traffic filtering, and content delivery network services to mitigate the most common attack vector
Strengthen credential security through mandatory multi-factor authentication, regular password updates, and privileged access management systems to prevent unauthorized access from compromised credentials
Establish threat intelligence monitoring of hacktivist Telegram channels and social media platforms to provide early warning of planned campaigns and coordinate defensive responses
Develop incident response protocols that include rapid assessment capabilities to distinguish between actual breaches and false claims, preventing unnecessary panic and resource allocation
Enhance public communication strategies to counter disinformation campaigns by providing factual updates on attack impacts and correcting exaggerated claims made by hacktivist groups
Implement network segmentation for critical systems to limit the potential impact of successful intrusions and prevent lateral movement within organizational networks
Conduct regular security assessments of public-facing assets to identify and remediate misconfigurations that could be exploited by opportunistic attackers
Part 1: The Iran-Israel Cyber Standoff - The Hacktivist Front
Between June 12–18, 2025, over 35 pro-Iranian hacktivist groups launched coordinated cyberattacks against Israeli military, government, and infrastructure targets, using DDoS, data leaks, and disinformation. Only 4–5 pro-Israel groups responded. These unsophisticated yet widespread attacks continue a year-long trend of exaggeration and recycled data. CloudSEK recommends urgent DDoS mitigation, multi-factor authentication, threat monitoring, and stronger incident response protocols.
Get the latest industry news, threats and resources.
Executive Summary
The Iran-Israel conflict experienced a significant escalation in cyber hacktivist activity between June 12-18, 2025, with over 35 distinct pro-Iranian groups launching coordinated attacks against Israeli infrastructure compared to only 4-5 identified pro-Israeli groups responding. This week-long surge follows the same tactical patterns observed throughout the broader June 2024-June 2025 period, demonstrating that hacktivist groups have not evolved their methodologies despite a full year of operations. The attacks predominantly consisted of DDoS assaults, website defacements, and claimed data breaches targeting government sites, military systems, and critical infrastructure, mirroring the unsophisticated approach used consistently over the past year. Most significantly, these recent attacks maintain the same pattern of exaggeration and disinformation that has characterized the broader hacktivist ecosystem, with groups continuing to take credit for unrelated service outages, recycle old data leaks, and inflate damage claims for media attention rather than achieving substantial operational impact.
Pro-Israel vs Pro-Iran Cyber Attacks
Pro-Iran Groups and Attacks
Group Name
Primary Attack
Targeted Entities
HackYourMom
Data breach/Credential leak
Multiple FTP and website systems
Liwa Muhammad ﷺ
DDoS attacks, Missile strike claims
Israeli Ministry of Defense, Unit 8200, Camero-Tech
Israeli government sites, educational institutions
Dark Storm Team
Website monitoring/targeting
Israeli government ministries
Cyber Fattah team
Cyberattacks, Information warfare
Israeli infrastructure
TEAM FEARLES
DDoS attacks
Israeli government website
Anonymous groups
DDoS, Website defacement
Various Israeli sites
Nation Of Saviors
DDoS attacks
Israeli government website
Red Wolf Cyber
Infrastructure attacks
Israeli Ministry of Defense
SYLHET GANG-SG
Service disruption
Tzofar Red Alert app, radio stations
DieNet
Data breach, Service disruption
Israel Antiquities Authority, radio stations
Laneh/Team Nest
Infrastructure attacks
Israeli energy infrastructure
APT IRAN
Data exfiltration, Ransomware
Israeli academic/government systems
Unified Islamic Cyber Resistance
ICS attacks
YBS (electric vehicle fleet management)
EvilMorocco
Data theft
757 GB Israeli infrastructure data
BD Anonymous
Data collection, Doxxing
Netanyahu personal info, Israeli data
Team 1722
Agency compromise
Israeli/US agencies
Islamic Hacker Army
System breach
IDF defense research computers
RootSec
Account hijacking
Israeli Instagram accounts
MadCapZone
Alert system attack
Tzofar system
Fatah cyber team
Infrastructure attacks
Israeli systems
Lebanese groups
DDoS attacks
Camero-Tech radar systems
Handala Hack
Data breach
Israeli military systems, Delek Group
Arabian Ghosts
DDoS attacks
Bank of Israel, Barzilai Medical Center
TwoNet
DDoS, Data dumps
Israeli defense/tech companies
Fatimion Cyber Team
Government system attacks
Israeli Air Force, government sites
REVOLUSI HIME666
Data breach
aurion-hosting.co.il
R3V0XAn0nymous
Website attacks
BNP Paribas Israel, Ministry of Education
INTEID
Multi-sector attacks
Israeli news, telecom, medical orgs
Pro-Israel Groups and Attacks
Group Name
Primary Attack
Targeted Entities
Syrian Electronic Army
Data breach, Infrastructure targeting
Iranian tech companies, nuclear facilities claims
Anonymous OpIran
Unspecified attacks
Iranian entities, IRGC facilities
Israeli hackers (via proxies)
Cyberattacks
Palestinian movements, solidarity groups
Predatory Sparrow
Defensive operations
Thwarted Iranian phone battery attack
Unattributed Israeli operations
Infrastructure attacks
Iranian nuclear sites, military facilities
Attack Statistics Summary
Category
Number of Groups
Primary Methods
Pro-Iran Groups
35+ distinct groups
DDoS (most common), Data breaches, Ransomware, ICS attacks, Service disruption
Pro-Israel Groups
4–5 identified groups
Infrastructure targeting, Data breaches, Defensive operations
Key Observations
Attack Sophistication:
Pro-Iran groups: Mix of simple DDoS to complex ICS attacks
Pro-Israel groups: More targeted infrastructure operations
Geographic Distribution:
Anti-Israel groups: Iran, Palestine, Indonesia, Lebanon, Yemen, international Anonymous affiliates
Pro-Israel groups: Less geographically diverse
Target Selection:
Anti-Israel: Government sites, military systems, critical infrastructure, civilian services
Pro-Israel: Nuclear facilities, military infrastructure, tech companies
This analysis is based on the claims made in the hacktivist groups and does not verify the accuracy or success of these claimed attacks.
Hacktivist Campaigns (Jun 2024–Jun 2025)
Target Scope:
Attacks escalated against government bodies, election infrastructure, critical services, and high-visibility digital platforms.
Geopolitical focus:
Pro-Russian groups hit the EU (parliamentary elections) and UK (general election).
Pro-Palestinian/Islamist groups targeted Israel and India in response to military actions.
American and European assets frequently targeted for ideological or retaliatory reasons.
Motivations:
Driven by real-world events, arrests, or perceived injustices.
Examples:
Surge in attacks post Pahalgam terror incident (India) and Israel-Iran strikes (June 2025).
Justifications often rooted in nationalism, anti-Western sentiment, or religious causes (e.g., #FreeDurov, Operation Sindoor).
Tactics Used:
Predominantly DDoS, website defacement, and basic data leaks.
Data usually sourced from compromised credentials or misconfigured systems.
Notable groups like RipperSec and Mr_Hamza used combined takedown + defacement strategies.
Rise in multi-vector DDoS and short-lived data leaks, though most remain technically basic.
Narrative Manipulation & Attribution Issues:
Frequent exaggeration or fabrication of "breaches."
Groups often:
Claim credit for unrelated outages.
Reuse or repackage old leaks.
Inflate impact for media attention.
Attribution is murky due to shared handles, recycled themes, and cross-group narratives.
Some consistency is observed in groups like NoName057(16) and DieNet, but much of the scene is driven by theatrics.
Recommendations
Based on this analysis, immediate security measures should include:
Implement robust DDoS protection across government and critical infrastructure websites, including rate limiting, traffic filtering, and content delivery network services to mitigate the most common attack vector
Strengthen credential security through mandatory multi-factor authentication, regular password updates, and privileged access management systems to prevent unauthorized access from compromised credentials
Establish threat intelligence monitoring of hacktivist Telegram channels and social media platforms to provide early warning of planned campaigns and coordinate defensive responses
Develop incident response protocols that include rapid assessment capabilities to distinguish between actual breaches and false claims, preventing unnecessary panic and resource allocation
Enhance public communication strategies to counter disinformation campaigns by providing factual updates on attack impacts and correcting exaggerated claims made by hacktivist groups
Implement network segmentation for critical systems to limit the potential impact of successful intrusions and prevent lateral movement within organizational networks
Conduct regular security assessments of public-facing assets to identify and remediate misconfigurations that could be exploited by opportunistic attackers