Iran's cyberattacks on Israel tripled in 2026 as kinetic war extended to digital infrastructure

Israel's National Cyber Directorate chief Yossi Karadi told Die Welt on June 29 that hostile cyber incidents rose from 1,600 in June 2025 to 4,800 in June 2026, targeting critical infrastructure, mid-sized firms, and the public; there is 'no ceasefire in cyberspace'

Summary

Yossi Karadi, Director General of Israel's National Cyber Directorate, said on June 29 that hostile cyber incidents attributed to Iran tripled from approximately 1,600 in June 2025 to 4,800 in June 2026. Karadi made the disclosure to German daily Die Welt, saying the attacks targeted Israel's critical infrastructure, large organizations, small and medium-sized firms including law practices and accounting firms, and the general public. "We can handle them, but we have to take them seriously. Unlike in the kinetic realm, there's no ceasefire in cyberspace," Karadi said. The disclosure came on the same day as Iranian ballistic missile and drone strikes on US military facilities in Bahrain and Kuwait.

Why it matters

The ceasefire MOU signed June 17 governs kinetic hostilities and diplomatic processes; it contains no cyber provisions. Iran's ability to triple digital attack volume while technically inside a ceasefire shows the MOU's structural gap: the framework halts bombs but not code. For Israel's civilian economy, the SME targeting signals Iran is attempting to erode economic confidence through non-attributable disruption rather than only headline military strikes.

What to watch

Whether Israel or the US attempt to add a cyber-operations clause to the ceasefire implementation discussions in Doha.
Specific sectors: if attacks shift from SME disruption to critical infrastructure outages (power, water, banking), the threshold for a kinetic response under the MOU becomes contested.
Whether other ceasefire parties, particularly Lebanon and the Gulf states, see similar cyber-incident spikes in parallel.

Regional takes · 3

▸ Israeli news daily; first English-language publication of Karadi's Die Welt interview, citing specific incident counts and the directorate's qualitative assessment of the threat

Times of Israel · Israel · en · Jun 29, 2026 13:36Z

Times of Israel published Karadi's core figures (1,600 vs 4,800 incidents) and his statement that attacks targeted critical infrastructure, law firms, accounting firms, and SMEs, along with his warning that unlike in the kinetic realm, there is no ceasefire in cyberspace.

“Iranian cyberattacks on Israel surged in 2026, cyber chief says; from 1,600 incidents in June 2025 to 4,800 in June 2026.”

Source ↗

▸ Middle East specialist publication; contextualized the surge within Iran's broader information-operations strategy alongside the kinetic conflict and ceasefire uncertainty

Al-Monitor · United States · en

Al-Monitor placed the cyber surge in the context of Iran's dual-track warfare: using cyber operations to continue pressure on Israel while maintaining plausible deniability inside the ceasefire MOU, which makes no reference to cyber operations.

“Iran cyberattacks on Israel surged in 2026, Israeli cyber chief says; digital domain operating outside ceasefire constraints.”

Source ↗

▸ Saudi-owned pan-Arab daily; framed the disclosure as further evidence of Iran's continued hostility toward Israel despite the ceasefire, relevant to Gulf states monitoring Iran's post-MOU behavior

Asharq Al-Awsat · Saudi Arabia · en

Asharq Al-Awsat noted that the tripling of cyber incidents runs parallel to Iran's physical strikes on Bahrain and Kuwait, suggesting a coordinated multi-domain pressure campaign that continues despite the nominal ceasefire.

“Iran cyberattacks on Israel surged in 2026; attack volumes tripled year-on-year as ceasefire leaves cyber domain unaddressed.”

Source ↗