Israeli authorities recorded a sharp rise in cyberattacks linked to Iran during June 2026, with the number of reported incidents tripling compared with the same period last year, according to a senior Israeli cybersecurity official.
Yossi Karadi, Director General of the National Cyber Directorate of Israel, told German newspaper Die Welt that Israeli authorities registered around 4,800 hostile cyber incidents in June 2026, up from about 1,600 recorded during Israeli military operations against Iran in June 2025.
Karadi said the attacks targeted critical infrastructure systems, central organisations, small and medium-sized businesses, and members of the public. He identified law firms and accounting firms among the smaller organisations affected.
The Director General National Cyber Directorate said Israel had so far succeeded in preventing attacks on critical infrastructure but stressed that cyber threats remained a serious concern.
Karadi said organisations with weaker cyber defences had, in some cases, suffered attacks that erased their computer systems. He did not identify any of the affected companies.
He also said cyber operations continued despite military developments, adding that, unlike conventional warfare, there was “no ceasefire in cyberspace.”
Last month, cybersecurity firm Palo Alto Networks reported that an Iranian government-linked hacking group, known as Screening Serpens, had intensified its cyber-espionage operations following the US-Israeli conflict.
The group targeted organisations across the United States, Israel and several Middle Eastern countries, focusing on high-value sectors such as aerospace, defence and telecommunications.
Researchers said the hackers relied on highly personalised spear-phishing campaigns, using fake job offers, spoofed video conference invitations and impersonated organisations to trick victims into installing remote access Trojans (RATs).
Palo Alto identified six previously unseen malware variants belonging to two malware families, MiniUpdate and MiniJunk V2, which were used to gain long-term access to compromised systems.
The report also found that some attacks involved months of reconnaissance, with hackers studying victims’ online activity before launching tailored phishing attempts.
Researchers warned that the group had continued to adapt its tactics and was likely to maintain its cyber campaigns, urging organisations to strengthen their cybersecurity defences against further espionage attempts.
