The uptick has been steep in the wake of the U.S.-Israeli push against Iran. A senior official has put it plainly: even with the fighting going on in other theatres, the cyber side of things is heating up. This tripling of activity year over year is a sign of the strain being put on everything from government networks to the general public.
Scale of the cyber escalation
Take June 2025, for instance. While the military was in the field in Iran, Yossi Karadi, head of the National Cyber Directorate, says they put down 1,600 hostile acts. Fast forward to June 2026 and you’re looking at 4,800.
Karadi will be the first to tell you the opposition is varied in what they can do. “Some are very good at what they do,” he says, and while we can make short work of them, you don’t let your guard down. The one thing that’s different from a physical war is there’s no such thing as a truce in cyberspace.
Who is being targeted
It’s not just the big players. Karadi says the focus has been on the systems of central bodies, the public, and small to mid-sized firms. It’s a wider net than before, which makes the job of the defenders more of a chore.
He points to law and accounting offices as examples of the kind of smaller outfit that has been made an example of. If a company is easy to get into, they often find their computers have been wiped, though he won’t put a name to any of them.
For now, the authorities have put a stop to any moves against the really important infrastructure. Karadi is hopeful it will hold, but he’s under no illusions that the threat is still out there and changing with the times.
Why this matters now
This isn’t just about what’s happening on the ground anymore. When you see a move from a few hundred to a few thousand cases in a year, and you add in the strikes on public and commercial systems, you have to take the risk of some serious disruption into account.
Here is the bottom line from the officials:
– We went from 1,600 to 4,800 in a year
– Critical and central organisations are in the crosshairs
– Some of the smaller victims are in the legal and accounting world
– Those who were soft targets had their systems cleaned out
– Any attempt on our key infrastructure has been turned back
Competing narratives and accountability
Iran’s line is that they don’t hack other nations, and they’ll be quick to report on the ones done to them. You can count on a row over who is to blame, even as Israel puts the onus on Iranian hands for this latest wave.
That chasm between what’s said in public and what’s happening in the field isn’t going away. The figures from Israel tell a story of a tough, months-long campaign in the digital realm.
What comes next
Karadi is calling for a steady hand. With prodding of both the large and the more accessible, it’s going to be a long haul for those on the defensive. For the little guy, the talk of data being wiped is a nudge to make sure your defences are in order if you want to keep running.
He’s not giving out any names. But by drawing a line in the sand for the critical stuff and admitting the toll on the rest, he’s painting a picture of two different worlds: where the high-end is holding and the rest is taking the hit.
There’s no letting up on the cyber side as the war goes on. Hitting 4,800 in June 2026 is a clear message from the top: you have to be ready, because this is far from over.
