As Israel fended off physical attacks from the air, it also grappled with a surge in silent, sophisticated cyber warfare.
Since the launch of Operation Rising Lion on June 13, cyberattacks against Israeli entities have surged by more than 700%.
The targets? Not just defense systems or infrastructure, but civilians and financial institutions at the heart of the economy.
One particularly widespread campaign came disguised as an act of aid. Thousands of Israelis received a message claiming to be from the Finance Ministry, offering wartime grants to households.
The form looked official: clean branding, bureaucratic language, a tone of reassurance. But behind the scenes, it was a data trap.
Victims were asked to submit sensitive personal information: ID numbers, home addresses, number of family members, and bank account details.
“It looked completely legitimate,” one recipient said. “I only realized I had handed over everything to attackers after it was too late.”
This is the essence of wartime social engineering, exploiting panic, urgency, and confusion to trick people into giving attackers exactly what they need.
These attacks are not only aimed at the public. They have penetrated deep into Israel’s financial sector, where remote work and digital collaboration have become the norm.
From phishing emails that mimic IT departments to fake Zoom invites and Slack messages urging urgent action, attackers are targeting the internal systems companies rely on most, especially when they are stretched thin during conflict.
In a world where physical borders are fading, the battlefield has moved to the screen. Israel, widely regarded as a global cyber power, is not only a defender; it’s also a high-value target. What drives the attackers? How do they view their operations? And why is Israel such a coveted target?
The ultimate challenge
For many in the global hacker community, Israel is “The Holy Grail,” a technologically advanced country with hardened infrastructure and cyber defenses built by veterans of elite military units like Unit 8200. For seasoned attackers, breaching Israeli systems isn’t just a hack; it is a statement.
It’s much easier to break into a bank anywhere else in the world, but Israel? That’s prestige. If you get in, the whole world knows your name.
Attack where it hurts; most cyberattacks begin with a single question – where does it hurt? Attackers seek out weak points in government systems, critical infrastructure, and tech companies. The goal is not always financial; more often, it’s psychological, political, or ideological. The attackers want noise. Educational institutions, hospitals, and municipalities are soft targets that are easy to exploit and present as major wins.
Tactics
Lure and breach. “It all starts with the back door,” says an anonymous hacker from a Telegram group affiliated with a known cyber threat actor. “One email, a PDF, or even a seemingly innocent link – that is all it takes. We are not attacking the server; we are attacking the person who clicks.”
Once inside, attackers map out the network, identify sensitive data, and may encrypt files and demand ransom. Sometimes, they just leak the data to embarrass their targets.
Why Israel? What brings hackers back to Israel time and again is a mix of high symbolism and strategic value. Every breach gets media attention, elicits a strong public response, and delivers a sense of accomplishment.
“Israel reacts, and that’s exactly what we want,” admits a Telegram user affiliated with a state-linked group. “We’re not looking for silence. We want an echo.”
Israel is the highest-level game
Below is a conversation with a hacker from the other side:
Q: What does a typical workday look like for a hacker targeting Israeli assets?
A: “It’s not what you think. We’re not sitting in a basement wearing hoodies. It’s a team. We have open-source intelligence analysts, vulnerability researchers, coders, infrastructure builders, and even communications experts who write the breach announcements.”
Q: How do you choose a target?
A: “We look for sensitivity. A government ministry? That’s interesting. A fintech company with clients? Even better. But the best targets are the ones with emotional weight – a university, a municipality, an educational institution. The public reacts strongly, and the pain is felt quickly.”
Q: Are there things you avoid? Any redlines?
A: “There have been cases where we were asked to hit a hospital or healthcare system, and we refused. We want impact, not death. Once someone dies, the game is over.”
Q: What’s the hardest part about attacking Israel?
A: “Awareness. In most countries, we are dealing with outdated systems, tired employees, and superficial security. In Israel, everyone’s suspicious. The systems are smart, and the response is fast. When you get in, you have to know exactly what you’re looking for. There can be no time wasted.”
Q: And what’s the most satisfying moment?
A: “When the headline pops up on channels. The moment you see it on TV, that’s when you know it worked.”
The attackers’ message is clear: This is just the beginning. Cyber attackers don’t operate in a vacuum; they respond to geopolitical tensions, technological vulnerabilities, and ideological motives. To them, a successful breach in Israel isn’t just a technical victory but a symbol of resistance. And in this war, the keyboard is mightier than the sword.
The writer is co-founder and CEO of Cyvore.