In June 2025, Israel and Iran engaged in a brief yet intense 12-day conflict, including a variety of cyber operations. The Israel-Iran cyber engagements provide a compelling case study for examining how artificial intelligence (AI) can be projected to amplify asymmetric cyber warfare strategies, particularly those targeting softer civilian infrastructures.
The integration of AI technologies into cyber operations promises to significantly enhance the effectiveness of asymmetric strategies. AI enables automation, scalability, and sophistication in offensive operations such as misinformation campaigns, social engineering, and disruption of civilian infrastructure. Thus, softer civilian targets, with less formidable cyber defenses, face increased risks from asymmetric actors empowered by AI.
This insight analyzes the cyber operations of the 2025 Israel-Iran conflict to illustrate the increasing effectiveness of AI-driven asymmetric cyber warfare strategies. It explores the implications for cybersecurity in the Middle East as AI influences the nature of both cyber offense and defense. Strategic recommendations are offered to enhance cybersecurity resilience against this evolving threat landscape.
The 2025 Israel-Iran Cyber Conflict
On 13 June 2025, Israel launched a wave of airstrikes on Iranian nuclear, government, and military facilities, initiating a direct military confrontation that would last twelve days. The air campaign coincided with a flurry of cyber activity, both offensive and defensive.[i] Israeli strikes on strategic sites in Tehran were paired with cyber operations designed to publicly communicate Iran’s vulnerability and impair its capacity to respond.
Israeli state-targeted cyber operations were marked by strategic and sophisticated attacks:
- On 17 June, the pro-Israel hacktivist collective “Predatory Sparrow” (widely believed to be linked to the Israeli government) destroyed data at Iran’s state-owned Bank Sepah. The attack reportedly denied government and military staff access to their bank accounts, while its effects on civilian customers have not been well documented or widely critiqued.[ii]
- Predatory Sparrow also breached the Iranian cryptocurrency exchange Nobitex, where the Supreme Leader Ali Khamenei’s family members and Iranian proxies like Houthis are documented to have wallets. They transferred approximately $90 million in crypto to unrecoverable addresses, effectively destroying the assets.[iii] Given the opaque design of cryptocurrencies, it is nearly impossible to confirm exactly who was targeted.
- Attackers also hacked and hijacked Iranian state media to broadcast anti-regime messages, coinciding with physical strikes on the Islamic Republic of Iran Broadcasting (IRIB) headquarters.[iv] The attacks highlight a pattern of Israel treating enemy-affiliated media like the Quds News Network (Hamas)[v] and Al Manar (Hezbollah)[vi] as military targets rather than journalists with legal protections.
These operations typify Israel’s emphasis on pressuring governmental and military targets—hard targets that require advanced capabilities to penetrate.
In contrast, Iranian cyber operations adopted asymmetric tactics focused on civilian and economic infrastructure:
- Iranian-linked hacktivist groups launched distributed denial of service (DDoS) campaigns against a range of government and civilian websites from 13 to 17 June.[vii]
- Iranian state actors conducted extremely broad and sophisticated phishing campaigns targeting Israelis in civilian, government, military, and critical infrastructure sectors.[viii]
- Iranian operators hacked unsecured residential security cameras en masse, enabling real-time surveillance of urban areas and missile strike aftermaths.[ix]
This operational contrast reflects a wider strategic divergence. Israel concentrated cyber power against Iran’s hard, state-controlled structures, leveraging precision and disruption. Iran, meanwhile, harnessed asymmetric cyber methods aimed at civilian systems, exploiting their relative vulnerability for strategic psychological and economic impact.
Conceptualizing Asymmetric Cyber Warfare
Asymmetric cyber warfare occurs when less-resourced actors exploit weaknesses in their adversaries’ cyber defenses—especially in civilian infrastructure—to inflict disproportionate impact. Instead of waging traditional, state-to-state cyber campaigns (like those targeting military command-and-control or critical government systems), asymmetric actors harness vulnerabilities in civilian sectors to cause disruption, erode public confidence, and project power beyond their means.
Comparing State vs. Civilian Targeting Strategies
Aspect | State-Targeted (Traditional) | Civilian-Targeted (Asymmetric) |
Target Defense | High-grade, regularly audited cyber defenses | Inconsistent and often outdated |
Entry Barriers | Require advanced reconnaissance & resources | Lower complexity; opportunistic vulnerabilities |
Impact Nature | Strategic surveillance or disruption of key assets | Accretive psychological & economic pressure |
AI Amplification | Enhances both offense and defense capabilities | Reduces cost & scale—supercharging asymmetric impact |
Efficacy and Strategic Value
While asymmetric cyber operations against civilian targets may not be as decisive in a kinetic war as traditional cyber operations on military and government assets, they have several strong advantages:
- Escalation Below the Threshold: Spear phishing and similar operations can be escalated dramatically while remaining below the formal threshold of armed conflict, enabling adversaries to apply sustained pressure during peacetime.
- Stealth & Attribution: Civilian targets have fewer resources to attribute and preempt attempted attacks, giving state hackers plausible deniability and reducing the likelihood of retaliation.
- Psychological Impact: Incidents like camera breaches and personal data leaks strike directly at civilian morale and sense of security, amplifying operational impact with minimal technical investment.
- Scalability With AI: Emerging AI tools lower the bar even further—automating phishing, social media manipulation, and credential harvesting—making civilian-focused cyber operations faster, cheaper, and more potent.
In summary, Iran’s utilization of civilian targets in the 2025 conflict reflects both continuity and innovation in asymmetric cyber warfare. By targeting soft systems not traditionally protected by government-grade protocols, Iran achieved cumulative strategic effects well beyond the sophistication of each attack. Adding AI tools to this playbook is poised to strengthen the strategic advantages of asymmetric actors.
AI’s Impact on Cybersecurity Dynamics
Artificial intelligence is profoundly reshaping cybersecurity, particularly by amplifying offensive capabilities when aimed at civilian targets. The core impact of AI on cyber conflict arises from its ability to automate, scale, and diversify attacks, fundamentally altering the calculus of offense versus defense in the cybersecurity landscape. As AI-enabled cyber operations become increasingly complex and common, civilians—who are greater in number and less equipped to defend themselves—are positioned to bear the brunt of this dynamic.
Enhanced Offensive Capabilities
AI technologies significantly increase the effectiveness of offensive cyber operations. AI-powered malware can autonomously identify system vulnerabilities, conduct exploitation, and propagate throughout networks with minimal human intervention.[x] On the less sophisticated side, DDoS attacks can be scaled with AI-automated botnets capable of adaptive coordination.[xi]
AI-driven automation also enables attackers to rapidly deploy highly targeted and personalized phishing attacks at an unprecedented scale.[xii] Unlike manual methods, AI-driven phishing can efficiently process massive amounts of data to identify individual vulnerabilities, crafting personalized deceptive messages that greatly enhance their credibility and success rate.
Moreover, AI dramatically amplifies misinformation campaigns. Generative AI and deepfake technology fabricate highly realistic image, audio, or video content. This enables cyber actors to impersonate public figures or forge evidence convincingly, creating confusion and mistrust at scale. During the 2025 Israel-Iran conflict, Iranian actors used AI to fabricate documentation of nonexistent military successes, while Israeli-attributed AI imagery tended to be political and propagandistic in nature.[xiii]
AI also lowers barriers to entry for sophisticated cyberattacks, making them accessible to smaller states and non-state actors. Today, user-friendly AI-powered tools are available online on underground markets.[xiv] Smaller actors, including terrorist organizations and hacktivist groups, can now employ automated hacking tools that streamline attack methods previously limited to well-resourced state actors.
Transforming Defensive Cyber Capabilities
On the defensive side, AI offers substantial opportunities for cybersecurity enhancements—for those who can afford it. Governments and companies today are deploying advanced AI systems for threat detection, using machine learning models trained on vast datasets of normal and anomalous behaviors. These AI-driven anomaly detection tools are more effective at identifying compromises than traditional rule-based systems, allowing cybersecurity defenders to detect and respond to threats swiftly, often before major damage is inflicted.[xv]
Automated response systems represent another significant defensive advantage provided by AI. These systems can autonomously initiate defensive actions—such as isolating compromised network segments, blocking malicious IP addresses, or deploying countermeasures to neutralize detected threats—in fractions of a second.[xvi] By responding at speeds beyond human capabilities, AI-driven defenses further limit the window attackers have to inflict harm.
Ambiguity at the Highest Levels of Cyber Conflict
While AI undoubtedly strengthens offensive capabilities against civilian targets and simultaneously enhances defensive capacities at state-level institutions, its net strategic impact on cyber conflict remains deeply uncertain. Both attackers and defenders continually innovate, leveraging AI to gain advantages over their adversaries. This simultaneous advancement creates a constantly shifting equilibrium—an AI-driven cyber arms race—complicating predictions about the ultimate beneficiaries of technological evolution.
For hard targets—such as military, intelligence, and government systems equipped with advanced cybersecurity—the introduction of AI technology may lead to stalemate dynamics rather than decisive advantages for either attackers or defenders. While sophisticated defensive systems quickly neutralize many automated threats, similarly advanced offensive techniques will also continually probe for novel vulnerabilities. The nature of offense-defense advancement among well-resourced actors implies that state-controlled, high-security environments may remain contested yet comparatively secure against devastating cyberattacks.
By contrast, softer civilian targets lack the resources and advanced AI-driven cybersecurity systems necessary for robust defense, disproportionately tipping the scale in favor of offensive actors employing AI. This disparity underscores a critical implication: while state-level cybersecurity may achieve greater balance, civilian-targeted asymmetric cyber warfare is set to become markedly more effective due to AI’s amplification of offensive capabilities.
Conclusion
The 2025 Israel-Iran cyber conflict demonstrates a fundamental shift in modern warfare, where artificial intelligence amplifies asymmetric cyber strategies in ways that disproportionately burden civilian populations. While state-level cybersecurity continues to evolve in an arms race dynamic—with AI enhancing both offensive and defensive capabilities—civilian infrastructure remains critically vulnerable to AI-powered attacks. This disparity creates a dangerous asymmetry where less-resourced actors can inflict significant psychological, economic, and social damage by targeting soft civilian systems with automated, scalable, and sophisticated cyber operations.
The strategic implications are profound. As AI democratizes advanced cyber capabilities, the threshold for conducting effective asymmetric warfare continues to lower, enabling smaller states and non-state actors to project power far beyond their traditional means. Iranian operations against Israeli civilian targets exemplify this trend: automated phishing campaigns, mass surveillance through compromised security cameras, and coordinated DDoS attacks achieved strategic impact through volume and psychological pressure rather than technical sophistication.
Addressing this evolving threat landscape requires comprehensive strategic responses. Public-private partnerships must strengthen civilian cybersecurity infrastructure and improve collective threat awareness. Gulf states in particular should consider regional strategic cyber cooperation and intelligence-sharing agreements. Such frameworks would enable coordinated responses to transnational cyber threats, standardize civilian protection protocols, and create collective defense mechanisms against AI-powered asymmetric warfare.
Without proactive measures, civilian populations will increasingly bear the brunt of AI-amplified cyber conflicts, undermining regional stability and security in ways that conventional military deterrence cannot adequately address.
[i] “ZENDATA’s Cyber Analysis of the Iran-Israel Conflict,” ZENDATA Cybersecurity (blog), June 24, 2025, https://zendata.security/2025/06/24/zendatas-cyber-analysis-of-the-iran-israel-conflict/. Accessed July 10, 2025.
[ii] Matt Kapko, “Iran’s Bank Sepah Disrupted by Cyberattack Claimed by pro-Israel Hacktivist Group,” CyberScoop (blog), June 17, 2025, https://cyberscoop.com/iran-bank-sepah-cyberattack/. Accessed July 10, 2025.
[iii] Gabe Levin, “Hackers Reportedly Wipe out $90 Million from Largest Iranian Cryptocurrency Exchange,” PBS News, June 19, 2025. https://www.pbs.org/newshour/world/hackers-reportedly-wipe-out-90-million-from-largest-iranian-cryptocurrency-exchange. Accessed July 10, 2025.
[iv] “Iran’s State TV Hacked, Protest Videos Aired,” Iran International, June 18, 2025, https://www.iranintl.com/en/202506188310. Accessed July 10, 2025.
[v] United States Department of State, “Custom Report Excerpts,” n.d., https://www.state.gov/report/custom/24b1cc8b88/. Accessed August 4, 2025.
[vi] Avi Jorisch, “Al-Manar: Hizbullah TV, 24/7,” The Washington Institute for Near East Policy, February 1, 2004, https://www.washingtoninstitute.org/policy-analysis/al-manar-hizbullah-tv-247. Accessed 4 August 2025.
[vii] “Cyberattacks against Israel Surge 700% in Two Days, Says Radware,” CTech, June 15, 2025, https://www.calcalistech.com/ctechnews/article/sjuzhm2qlg. Accessed 10 July 2025.
[viii] “Educated Manticore Reemerges: Iranian Spear-Phishing Campaign Targeting High-Profile Figures,” Check Point Blog, June 25, 2025, https://blog.checkpoint.com/security/educated-manticore-reemerges-iranian-spear-phishing-campaign-targeting-high-profile-figures/. Accessed July 11, 2025.
[ix] “ZENDATA’s Cyber Analysis of the Iran-Israel Conflict.”
[x] Vijay Kumar, “AI-Powered Cyber Attacks: The Next Big Challenge,” DigiFortex (blog), April 15, 2025, https://www.digifortex.com/Resources/Blogs/AI-Powered-Cyber-Attacks/. Accessed July 11, 2025.
[xi] Richard Hummel, “How AI Has Changed the DDoS Industry,” SC Media, February 28, 2025, https://www.scworld.com/perspective/how-ai-has-changed-the-ddos-industry. Accessed July 11, 2025.
[xii] Sharon Shea, “How AI Is Making Phishing Attacks More Dangerous,” TechTarget, October 22, 2024, https://www.techtarget.com/searchsecurity/tip/Generative-AI-is-making-phishing-attacks-more-dangerous. Accessed July 11, 2025.
[xiii] Nathan Gallo, “No Definite Proof for Iran’s Claims It Shot down Israeli F-35 Fighter Jets,” France 24, June 24, 2025., https://www.france24.com/en/middle-east/20250624-iran-shot-down-israel-f-35-fighter-jets-no-definite-proof. Accessed July 11, 2025.
[xiv] Derek B Johnson, “Researchers Say AI Hacking Tools Sold Online Were Powered by Grok, Mixtral,” CyberScoop (blog), June 17, 2025, https://cyberscoop.com/uncensored-ai-tool-traced-to-mistral-xai-grok/. Accessed July 11, 2025.
[xv] “What Is the Role of AI in Threat Detection?,” Palo Alto Networks, https://www.paloaltonetworks.com/cyberpedia/ai-in-threat-detection. Accessed 11 July 2025.
[xvi] “Artificial Intelligence (AI) in Cybersecurity: The Future of Threat Defense,” Fortinet, https://www.fortinet.com/resources/cyberglossary/artificial-intelligence-in-cybersecurity. Accessed July 11, 2025.
Mike Sexton is a senior advisor with TRENDS US and a senior policy advisor for Cyber and Artificial Intelligence at Third Way, focusing on optimizing the societal benefits of dual-use technologies like cryptography and generative AI.