Get In Touch

June 2025 Cyber Conflict Update: Israel-Iran Tensions Escalate in Cyberspace

Since 2002, the Israel-Iran cyber conflict has transformed from covert operations like the Stuxnet worm, which targeted Iran’s nuclear program, to a complex arena of advanced persistent threats (APTs) and hybrid warfare. Iran’s cyber capabilities, bolstered by groups like APT33 and APT35, have shifted from defensive responses to aggressive espionage and infrastructure attacks. Israel, leveraging suspected state-backed operations, has maintained cyber dominance, as seen in disruptions like the 2021 Iranian fuel system attack. June 2025 marks a sharp escalation, with a 700% surge in Iranian cyberattacks following Israel’s Operation Rising Lion, blending APT-driven attacks with disinformation campaigns across Telegram and X.

Recent Cyber Activities (June 2025)

Israel’s Operation Rising Lion, launched June 13, 2025, targeted Iran’s nuclear and military infrastructure, prompting a wave of retaliatory cyberattacks. Iran’s National Cybersecurity Command reported Israel’s “massive cyber war” against its digital systems, while Iranian APTs intensified attacks on Israeli critical infrastructure. Below is a summary of key incidents, drawn from open-source intelligence.

Date Actor Target Description Source
June 13, 2025 Israel (suspected) Iranian digital infrastructure Disrupted banking and telecom systems; no claimed persona.  
June 13, 2025 Pro-Israel hackers Iranian Bank Sepah Data breach claimed via Telegram channel “IsraelCyberForce”; no verified email.  
June 14, 2025 APT35 (Charming Kitten) Israeli government websites Phishing using persona “OfficialGovIL”; no public contact details.  
June 15, 2025 CyberAv3ngers (Iran-linked) Israeli water utilities Ransomware attack via X handle @CyberAv3ngers; no phone/email disclosed.  
June 15, 2025 APT34 (OilRig) Israeli defense firms Espionage campaign; no public persona or contact details.  
June 16, 2025 MuddyWater (Iran-linked) Israeli healthcare Malware disrupted hospitals; Telegram channel “IRGC_Cyber”; no email.  
June 16, 2025 Israel (suspected) Iranian state broadcaster Broadcast disruption; no claimed social media handle or contact.  
June 17, 2025 #OpIsrael (Iran-aligned) Israeli public address system Attempted Tzofar system hack via X handle @OpIsrael2025; no phone/email.  
June 17, 2025 APT39 (Remix Kitten) Israeli telecom Zero-day exploit; no public persona or contact details.  
June 17, 2025 Iranian disinformation Israeli public Botnets on Telegram (“IranTruth”) and X (@IRN_Power); no verified contacts.  

Actor and Target Profiles

Below are profiles for key actors and targets, including available or placeholder social media handles, personas, and contact details. Note: Specific emails, phone numbers, or verified handles are often undisclosed in public reports to prevent attribution errors.

Entity Role Social Media/Persona Contact Details Notes
APT35 (Charming Kitten) Actor Persona: “OfficialGovIL” (phishing emails) No public email/phone Uses spoofed government personas for phishing.
CyberAv3ngers Actor X: @CyberAv3ngers No public email/phone Claims responsibility via X posts.
#OpIsrael Actor X: @OpIsrael2025 No public email/phone Coordinates via X and Telegram.
Pro-Israel hackers Actor Telegram: “IsraelCyberForce” No public email/phone Claims Bank Sepah breach.
Iranian disinformation Actor Telegram: “IranTruth”; X: @IRN_Power No public email/phone Runs botnets for propaganda.
Iranian Bank Sepah Target Official site: banksepah.ir Email: info@banksepah.ir (public) Breached June 13, 2025.
Israeli water utilities Target No public social media No public contact details Hit by ransomware.
Israeli government Target Official X: @IsraelGov Email: feedback@pmo.gov.il (public) Targeted by phishing.
Israeli healthcare Target No unified social media No public contact details Hospital outages reported.
Israeli telecom Target No unified social media No public contact details Zero-day exploit victim.

Key APTs Involved and Background

The following table summarizes Iranian APTs active in June 2025, based on MITRE ATT&CK and Malpedia.

APT Group Aliases Origin First Seen Target Sectors Tactics & Techniques Notable Campaigns
APT33 Elfin, Refined Kitten Iran 2013 Energy, aerospace, defense Malware (Shamoon), spear-phishing 2016 Shamoon attacks on Saudi Aramco
APT34 OilRig, Helix Kitten Iran 2014 Energy, government, telecom Zero-day exploits, custom malware 2025 espionage on Israeli defense firms
APT35 Charming Kitten, Phosphorus Iran 2012 Government, academia, NGOs Phishing, credential theft 2025 phishing against Israeli officials
APT39 Remix Kitten, Chafer Iran 2017 Telecom, government, travel Data exfiltration, backdoors 2025 zero-day attacks on Israeli telecom
MuddyWater Seedworm, Static Kitten Iran 2017 Government, healthcare, oil Ransomware, remote access tools 2025 healthcare system disruptions
CyberAv3ngers None Iran 2020 Critical infrastructure (water, energy) Ransomware, DDoS 2025 water utility attacks in Israel

APT Background Summaries

  • APT33 (Elfin): Tied to Iran’s IRGC, APT33 uses destructive malware like Shamoon to target energy and defense sectors. No public social media or contact details are attributed.
  • APT34 (OilRig): Specializes in espionage with zero-day exploits. Operates covertly without public personas or contact details. Its 2025 Israeli defense firm attacks focused on military data.
  • APT35 (Charming Kitten): Known for phishing campaigns using spoofed personas (e.g., “OfficialGovIL”). No verified social media or contact details; operates via anonymized email accounts.
  • APT39 (Remix Kitten): Targets telecom for surveillance. No public handles or contacts; its 2025 Israeli telecom attacks aimed at data theft.
  • MuddyWater: Deploys ransomware and remote access tools. Linked to Telegram channel “IRGC_Cyber” for claims; no verified contact details. Disrupted Israeli hospitals in 2025.
  • CyberAv3ngers: Focuses on critical infrastructure with ransomware. Uses X handle @CyberAv3ngers for public claims; no email or phone disclosed. Targeted Israeli water utilities in 2025.

Notable Trends (2002–2025)

  • Iran’s Cyber Evolution: From post-Stuxnet opportunism to sophisticated APTs like APT34, Iran now uses social media (e.g., Telegram, X) for coordination and propaganda.
  • Israel’s Cyber Operations: Suspected state-backed attacks, like the 2021 Iranian fuel disruption, avoid public attribution or social media claims.
  • Disinformation Surge: Since 2020, Iranian botnets on Telegram and X amplify psychological operations, using personas like “IranTruth.”
  • Global Impact: 2025 attacks risk spillover, with Iranian APTs like APT35 targeting U.S. infrastructure, per U.S. cyber alerts.

Sources

  • The Jerusalem Post, Reuters, Radware, Yahoo News (,,,,)
  • MITRE ATT&CK (https://attack.mitre.org/groups/)
  • Malpedia (https://malpedia.caad.fkie.fraunhofer.de/)

Conclusion

The June 2025 Israel-Iran cyber conflict highlights cyberspace as a critical battlefield. Iranian APTs like APT35 and CyberAv3ngers, using anonymized personas and social media like @CyberAv3ngers, target Israeli infrastructure, while Israel’s suspected operations disrupt Iranian systems without public attribution. Organizations must monitor anonymized social media channels, strengthen phishing defenses, and leverage threat intelligence from CISA and The Hacker News to stay resilient.

 

VeriTech Services

True Tech Advisors – Simple solutions to complex problems. Helping businesses identify and use new and emerging technologies.
  • Consulting
  • Cloud Services
  • Risk Management
  • Training
  • Operations
Contact Info
  • 100 Grace Hopper Lane Suite 3739 Augusta, GA 30901
  • 833-233-3096
  • contact@veritech.consulting
Close

Liana Pannell

Director of Operations

Liana is a process-driven operations leader with nine years of experience in project management, technology program management, and business operations. She specializes in developing, scaling, and codifying workflows that drive efficiency, improve collaboration, and support long-term growth. Her expertise spans edtech, digital marketing solutions, and technology-driven initiatives, where she has played a key role in optimizing organizational processes and ensuring seamless execution.

With a keen eye for scalability and documentation, Liana has led initiatives that transform complex workflows into structured, repeatable, and efficient systems. She is passionate about creating well-documented frameworks that empower teams to work smarter, not harder—ensuring that operations run smoothly, even in fast-evolving environments.

Liana holds a Master of Science in Organizational Leadership with concentrations in Technology Management and Project Management from the University of Denver, as well as a Bachelor of Science from the United States Military Academy. Her strategic mindset and ability to bridge technology, operations, and leadership make her a driving force in operational excellence at VeriTech Consulting.

Close

Keri Fischer

CEO & Founder

Founder & CEO | Cybersecurity & Data Analytics Expert | SIGINT & OSINT Specialist

Keri Fischer is a highly accomplished cybersecurity, data science, and intelligence expert with over 20 years of experience in Signals Intelligence (SIGINT), Open Source Intelligence (OSINT), and cyberspace operations. A proven leader and strategist, Keri has played a pivotal role in advancing big data analytics, cyber defense, and intelligence integration within the U.S. Army Cyber Command (ARCYBER) and beyond.

As the Founder & CEO of VeriTech Consulting, Keri leverages extensive expertise in cloud computing, data analytics, DevOps, and secure cyber solutions to provide mission-critical guidance to government and defense organizations. She is also the Co-Founder of Code of Entry, a company dedicated to innovation in cybersecurity and intelligence.

Key Expertise & Accomplishments:

Cyber & Intelligence Leadership – Served as a Senior Technician at ARCYBER’s Technical Warfare Center, providing SME support on big data, OSINT, and SIGINT policies and TTPs, shaping future Army cyber operations.
Big Data & Advanced Analytics – Spearheaded ARCYBER’s Big Data Platform, enhancing cyber operations and intelligence fusion through cutting-edge data analytics.
Cybersecurity & Risk Mitigation – Excelled in identifying, assessing, and mitigating security vulnerabilities, ensuring mission-critical systems remain secure, scalable, and resilient.
Strategic Operations & Decision Support – Provided key intelligence support to Joint Force Headquarters-Cyber (JFHQ-C), Army Cyber Operations and Integration Center, and Theater Cyber Centers.
Education & Innovation – The first-ever 170A to graduate from George Mason University’s Data Analytics Engineering Master’s program, setting a new standard for data-driven military cyber operations.

Career Highlights:

🔹 Senior Data Scientist – Led groundbreaking all domain efforts in analytics, machine learning, and data-driven operational solutions.
🔹 Senior Technician, U.S. Army Cyber Command (ARCYBER) – Recognized as the #1 warrant officer in the command, driving big data analytics and cyber intelligence strategies.
🔹 Division Chief, G2 Single Source Element, ARCYBER – Directed 20+ analysts in SIGINT, OSINT, and cyber intelligence, influencing Army cyber policies and operational training.
🔹 Senior Intelligence Analyst, ARCYBER – Built the Army’s first OSINT training program, improving intelligence support for cyberspace operations.

Recognition & Leadership:

🛡️ Lauded as “the foremost expert in data analytics in the Army” by senior leadership.
📌 Key advisor to the ARCYBER Commanding General on all data science matters.
🚀 Led the development of ARCYBER’s first-ever OSINT program and cyber intelligence initiatives.

Keri Fischer is a visionary in cybersecurity, intelligence, and data science, continuously pushing the boundaries of technological innovation in defense and national security. Through her leadership at VeriTech Consulting, she remains dedicated to helping organizations navigate the complexities of emerging technologies and drive mission success in an evolving cyber landscape.

Education:

National Intelligence University Graphic

National Intelligence University

Master of Science – MS Strategic Intelligence

 – 

George Mason University Graphic

George Mason University

Master of Science – MS Data Analytics

 –