As missiles fly between Iran and Israel, a parallel war rages in cyberspace. Iran has slowed its internet nationwide in what officials call a temporary security measure to block foreign cyber operations. But critics see a troubling pattern of digital repression, even as new hacks, from banks to cryptocurrency exchanges, leave infrastructure vulnerable and users in fear.
As tensions soar between Iran and Israel, the Islamic Republic has drastically slowed its national internet connectivity in what it describes as a “temporary, targeted, and controlled” cybersecurity defence mechanism. The Iranian government claims the move aims to thwart Israeli covert cyber attacks amid ongoing missile exchanges and a rapidly escalating shadow war online.
According to Iranian government spokesperson Fatemeh Mohajerani and cyber enforcement body FATA Police, the slowdown is meant to preserve the “stability and security of the nation’s digital infrastructure.” But NetBlocks, a watchdog monitoring global internet connectivity, reported a “significant reduction in traffic” beginning at 5:30 p.m. local time, sparking fears of nationwide censorship and disruption.
The restrictions come just days after Israel launched a direct attack on Iranian soil, marking a rare escalation in physical warfare. But behind the headlines, the real war is now unfolding in cyberspace, where both nations and affiliated groups have launched cyber salvos that are drawing in civilians, banks, and infrastructure.
FCRF x CERT-In Roll Out National Cyber Crisis Management Course to Prepare India’s Digital Defenders
Predatory Sparrow Strikes Again
In one of the most high-profile digital attacks this week, the hacktivist group Predatory Sparrow, widely believed to be aligned with Israeli intelligence, claimed responsibility for crippling Iran’s Bank Sepah. The group publicly stated the bank was a “core instrument of terror financing and nuclear ambition,” and declared it had wiped out parts of the institution’s backend infrastructure.
In a public post, Predatory Sparrow taunted Iran’s leadership, saying:
“This is what happens to institutions dedicated to maintaining the dictator’s terrorist fantasies.”
The group previously gained notoriety for exposing sensitive Iranian data, with experts linking them to state-level capabilities akin to Israel’s infamous Stuxnet operation against Iran’s nuclear centrifuges over a decade ago.
The digital offensive did not stop at banking. In a follow-up operation on June 18, Predatory Sparrow announced it had breached Nobitex, Iran’s largest cryptocurrency exchange. The group claims to have stolen and plans to publish internal source code and sensitive transaction data from the platform, allegedly used by the Iranian regime to evade international sanctions.
Algoritha: The Most Trusted Name in BFSI Investigations and DFIR Services
Millions Vanish: Nobitex in Crisis Mode
Within hours of the cyberattack, blockchain sleuth ZachXBT confirmed that nearly $81.7 million (approximately Rs. 700 Crores) worth of assets were siphoned from Nobitex wallets across Bitcoin, Tron, and Ethereum chains. The attacker used a vanity crypto address bearing an explicit anti-IRGC message, signalling the political motive behind the attack. Nobitex issued a statement acknowledging unauthorized access to its reporting infrastructure and hot wallets, but assured users that assets are “safe” and promised to compensate for any losses.
Iran Accuses WhatsApp of Espionage
In a parallel narrative, Iranian officials urged citizens to delete WhatsApp, claiming, without evidence, that the Meta-owned platform was being used by Israel to spy on Iranian users. While WhatsApp categorically denied these allegations, asserting it does not share data with any government, the warning has already created a wave of fear and digital paranoia.
The call for deletion is also seen by human rights groups as a pretext for deeper surveillance and a potential attempt to steer citizens toward state-controlled messaging apps, long criticized for aiding regime censorship and surveillance.
A New Axis of Digital Warfare
The United States has also entered the fray. The U.S. Department of State recently offered rewards for information on Iranian hacking groups like Cyber Av3ngers, tied to the IRGC Cyber-Electronic Command. These actors, using IOCONTROL (aka OrpaCrab) malware, are accused of targeting critical infrastructure in the U.S., Israel, and Gulf nations, including ICS/SCADA systems that operate power grids and water supplies. Washington’s message is clear: cyberattacks that endanger civilians will no longer be tolerated in silence.
Meanwhile, Iranian cyber forces and sympathetic groups such as Mysterious Team Bangladesh and Arabian Ghost have stepped up attacks on Israeli public services, with radio stations and government websites reportedly knocked offline. These groups have warned Jordan and Saudi Arabia against aligning with Israel or the West, deepening regional unease.
Iran’s throttling of the internet, ostensibly to protect its digital borders, has opened up new fault lines in the already volatile cyber-geopolitical landscape of the Middle East. The shutdown may be short-lived, but the consequences of disrupting communication, economic transactions, and digital freedoms could linger far longer.
As both missiles and malware fly across borders, one thing is certain: the future of warfare is as much about keyboards as it is about missiles.