Key Takeaways
- Iran-linked cyber incidents against Israel jumped from 1,600 in June 2025 to 4,800 in June 2026
- Critical infrastructure has been defended successfully so far, but law firms and accounting practices have been breached
- Israeli cyber chief warns there is 'no ceasefire in cyberspace' despite any kinetic agreements
Iran-linked cyberattacks against Israel tripled over the past year, jumping from roughly 1,600 hostile incidents in June 2025 to 4,800 in June 2026. That's according to Yossi Karadi, Director General of Israel's National Cyber Directorate, in an interview with German newspaper Die Welt published Monday.
The spike correlates directly with the U.S.-Israeli military offensive against Iran that began earlier this year. Karadi's numbers suggest a 200% increase in attack volume within twelve months. For context, 4,800 monthly incidents means Israel's cyber defenders are handling around 160 attacks per day.
Who's getting hit?
The attacks target a wide range of organizations. Critical infrastructure, government bodies, and major companies top the list. But Karadi specifically called out smaller targets: law practices and accounting firms.
These smaller firms often lack the security budgets of larger enterprises. The result? Complete system wipes. Karadi didn't name specific victims, but the pattern is clear. Attackers probe for weak points across the entire economy, not just high-profile targets.
"So far, and hopefully it stays that way, we've managed to fend off attacks on critical infrastructure," Karadi said. The qualifier matters. Israel's cyber chief isn't claiming invincibility. He's acknowledging that defenses have held under sustained pressure, but the threat remains active.
No ceasefire in cyberspace
Karadi's most quotable line cuts to the strategic reality: "Unlike in the kinetic realm, there's no ceasefire in cyberspace." Even if conventional military operations pause, cyber operations continue. They're cheaper, deniable, and don't require physical presence.
He characterized some Iranian groups as "very skilled" while maintaining confidence in Israeli capabilities. "We can handle them, but we have to take them seriously," he said. That's a measured assessment. Not dismissive, not alarmist.
Iran typically denies involvement in offensive cyber operations against other countries. Tehran regularly reports attacks on its own infrastructure but frames itself as a target rather than an aggressor. This denial pattern has held for years, regardless of attribution evidence.
What the numbers actually mean
A few caveats on the 4,800 figure. "Hostile cyber incidents" is a broad category. It likely includes everything from sophisticated intrusion attempts to basic reconnaissance probes. Not every incident represents a successful breach or even a serious threat.
Still, volume matters. Defenders must investigate and respond to each incident. Tripling the attack rate tripling the burden on security teams. Fatigue and alert overload create openings.
The timing also matters. June 2025's 1,600 incidents came during active military operations. June 2026's 4,800 came during continued tensions. The escalation suggests Iran has either scaled up its cyber capabilities, increased resource allocation, or both.
The broader pattern
This isn't a new conflict. Iran and Israel have been engaged in cyber operations against each other for over fifteen years. The 2010 Stuxnet attack on Iranian nuclear facilities, widely attributed to U.S.-Israeli collaboration, marked an escalation point. Iran has been building offensive capabilities ever since.
What's changed is the intensity and the willingness of senior officials to discuss numbers publicly. Karadi's interview with a German newspaper signals that Israel wants international awareness of what it faces. That's a diplomatic move as much as a security update.
Logicity's Take
For tech leaders outside the Israel-Iran theater, the key lesson is operational: a 3x surge in attack volume can happen fast when geopolitical tensions escalate. Most organizations plan for steady-state threat levels, not sudden spikes. The fact that Israel's smaller professional services firms got hit while critical infrastructure held suggests tiered defenses work, but only if you're in the right tier. Companies with minimal security investment should assume they're in the 'wipeable' category during any regional cyber escalation.
Frequently Asked Questions
How many cyberattacks does Israel face from Iran monthly?
According to Israel's cyber chief, roughly 4,800 hostile cyber incidents per month as of June 2026, up from 1,600 the previous year.
Has Iran breached Israel's critical infrastructure?
Israel's National Cyber Directorate says critical infrastructure attacks have been successfully defended so far, though smaller organizations like law firms have suffered system wipes.
Why are cyberattacks increasing between Iran and Israel?
The surge correlates with the U.S.-Israeli military offensive against Iran that began in 2025. Cyber operations often intensify alongside conventional military activity.
Does Iran acknowledge these cyberattacks?
Iran typically denies conducting offensive cyber operations against other countries while reporting attacks on its own infrastructure.
Need Help Implementing This?
If your organization needs to assess its cyber resilience against nation-state threats or build incident response capacity, Logicity can connect you with vetted security consultants. Contact our team for recommendations.
Source: Tech-Economic Times / ET
Manaal Khan
Tech & Innovation Writer
Produced with AI assistance and reviewed by the Logicity editorial team. Learn more in our Editorial Policy.
