When it comes to military firepower, the US and Israel are not shy about how they are attacking Iran.
With professional photos and slick videos, US Central Command has been posting every few hours on social media about the kinds of weapons, jets and ships being used.
But the US and Israel are far more coy on what is happening in cyber-space.
Over hours of press conferences, speeches and dozens of social media posts, mentions of cyber operations are vanishingly rare.
However, Iranian hackers have claimed their first prominent cyber-attack on a US company during the conflict, on US medical tech firm, Stryker.
And cyber is indeed playing a significant role in this war, as commander of the US Central Command Admiral Brad Cooper recently hinted in a press update.
"We continue with strikes into Iran from seabed to space and cyber-space," he said.
Here is what we know about the types of cyber operations being carried out - and what it tells us about modern warfare.
Before missiles were fired
Cyber-espionage and hacking are known to play a large role in so-called "pre-positioning" for war.
General Dan Caine, chairman of the joint chiefs of staff at the Pentagon, described in a press conference how the war was enabled by months, in some cases years, of planning that went into preparing the so called "target set" for strikes.
US and Israeli hackers could have infiltrated key computer networks in Iran long before any actual strike was planned.
Computer networks behind air defences or military communications would have been high-priority targets.
The Financial Times was told by unnamed sources that CCTV and traffic cameras had been hacked by Israel to create an enormous surveillance network, in order to establish so called "patterns of life" of Ayatollah Ali Khamenei and his commanders in preparation for the strike that killed him.
Internet-connected cameras have become a target in cyber warfare as they "offer real‑time situational awareness of streets, facilities, and movement at very low cost," said Sergey Shykevich, threat intelligence expert at cyber-security company Check Point.
Commentators say this kind of information would be used alongside more traditional intelligence - such as that gathered from human spies.
"Cyber isn't usually the decisive weapon on its own; it's a force multiplier that helps shape the information environment and supports operations happening on the ground," said Tal Kollender, former Israeli military cyber-defence specialist and founder of cybersecurity platform Remedio.
In a press conference given after the initial strikes, operatives in US Cyber Command and US Space Command were described by Gen Caine as the "first movers", disrupting and "blinding Iran's ability to see, communicate and respond".
Some commentators suggest mobile phone towers were jammed or shut off to prevent the Ayatollah's security team from being warned about incoming jets, for example.
This is not confirmed but we have seen this in other conflicts, such as the war in Ukraine.
US Defence Secretary Pete Hegseth also boasted during a more recent press conference that members of the Iranian military "can't talk or communicate, let alone mount a coordinated and sustained offensive".
The comments echo the words of President Trump when praising the success of the abduction of Venezuelan President Nicolas Maduro. "The lights of Caracas were largely turned off due to a certain expertise that we have," he said after that operation.
It has not been confirmed if the president was referring to a cyber-attack, but in the newly-published US Cyber Strategy he went further in praising his cyber forces for that specific operation, saying that they rendered "our adversaries blind and uncomprehending during a flawless military operation".
Israel is also being accused of hacking a popular Iranian prayer-timing app called BadeSaba which has 5 million downloads.
Reuters reported that a push notification was sent to users just as the bombs began to hit saying "help has arrived".
Secretary Hegseth spoke this week about the continuing operation of "hunting for more systems to kill" - and cyber may well play a role in this stage of the war with operatives using open source intelligence, satellite imagery analysis and cyber-espionage to locate military targets in Iran.
The use of Artificial Intelligence (AI) tools are probably being heavily employed in this work too. A possible hint of this came again from Hegseth who praised an intelligence operative he saw in action.
"I was talking to a young colonel who's iterating on how we target and how we find and fix different aspects of what the Iranians are trying to do," he said, being careful not to give away too much detail.
Fog of cyberwar
The US and Israel have a long history of carrying out significant cyber attacks against Iran and are famously secretive about them.
For example, officials are still cagey about the infamous destructive Stuxnet hack on Iran's uranium enrichment facilities in 2010.
Israel has also been accused of causing a meltdown at steel plants in Iran in 2022 under the guise of hacktivist group Predatory Sparrow.
"If a country openly describes its capabilities or specific operations, it risks revealing techniques, access points, or intelligence sources that could be shut down quickly by adversaries," said Kollender.
"In cyber, the value of a capability often depends on the other side not knowing exactly how it works," she added.
Despite this, Dr Louise Marie Hurel from the Royal United Services Institute has been pleasantly surprised by the information the US is disclosing.
But she argues the war has shown that cyber should be talked about in the same way as conventional action to maintain rules of engagement.
"This is an opportunity for us to have a more public debate regarding the support and strategic advantage cyber provides in broader military campaigns and crisis.
"If cyber is openly acknowledged as integral to the strike package, it can help sharpen the questions about the laws of armed conflict, proportionality, and what counts as a use of force," she said.
Where is Iran?
A puzzling part of the ongoing war is that Iran has largely been visibly absent in the cyber domain.
To date, the most notable attack linked to the nation has been the hacking of Stryker, a major US medical technology company, first reported on Wednesday.
Iran has long been regarded as a capable cyber power and although the western cyber-security world is braced for attacks either from the state or hackers linked to the state, there has been little activity so far.
The Stryker incident saw the company's employee login defaced with a message claiming data had been erased in a 'wiper' attack by an Iran-backed group of activists and repeated by Iran's state broadcaster.
In an update on Thursday morning, Stryker said it was working to end the disruption and said its products were safe to use.
It seems implausible that Iran is holding back in this war - so either they have been incapacitated by reported Israeli strikes, or they have been overestimated.
Their reputation has been earned by past attacks like the 2012 hack of long-time rival Saudi Arabia's oil giant Aramco which used wiper malware to destroy 30,000 computers.
On Wednesday it was reported that an Iranian-linked hacking group, Handala, had hit medical technology firm Stryker with a so-called wiper malware attack.
As well as wiper attacks, Iran has been accused of attempting to meddle with critical national infrastructure to cause physical harm.
Hurel cautions against writing off Iran's ability to retaliate either directly or through vigilante hacker groups.
"I wouldn't jump to conclusions regarding Iran as we have seen considerable hacktivist activity, and public reporting has previously shown that patriotic hacker personas have sometimes been used as a facade for state-linked groups," she said.
Sign up for our Tech Decoded newsletter to follow the world's top tech stories and trends. Outside the UK? Sign up here.
Facts Only
The U.S. and Israel have conducted cyber operations against Iran, including infiltrating computer networks and disrupting communications.
U.S. Central Command has publicly documented conventional military strikes but has been reticent about cyber operations.
Iranian hackers claimed responsibility for a cyber-attack on U.S. medical tech firm Stryker during the conflict.
U.S. and Israeli hackers may have compromised Iranian CCTV and traffic cameras to monitor leaders like Ayatollah Ali Khamenei.
U.S. officials have suggested that cyber operations were used to "blind" Iran’s ability to see, communicate, and respond to strikes.
Israel has been accused of hacking an Iranian prayer-timing app, BadeSaba, to send a push notification during airstrikes.
The U.S. has hinted at using AI and cyber-espionage to locate and target Iranian military systems.
Iran has a history of significant cyber attacks, including the 2012 hack of Saudi Aramco and a 2022 attack on Iranian steel plants attributed to Israel.
Iranian-linked hacking group Handala claimed responsibility for the Stryker attack, which involved wiper malware.
U.S. Defence Secretary Pete Hegseth stated that Iranian military communications have been disrupted.
The U.S. Cyber Strategy has praised cyber forces for rendering adversaries "blind and uncomprehending" during military operations.
Iran’s limited cyber retaliation in this conflict contrasts with its past aggressive cyber activities.
Executive Summary
Cyber warfare is playing a significant but largely unpublicized role in the ongoing conflict involving Iran, the U.S., and Israel. While conventional military strikes are openly documented, cyber operations remain shrouded in secrecy. The U.S. and Israel have a history of conducting cyber attacks against Iran, including the infamous Stuxnet hack in 2010 and more recent disruptions to Iranian infrastructure. Reports suggest that cyber-espionage and hacking have been used to gather intelligence, disrupt communications, and blind Iranian defenses ahead of military strikes. For instance, Israeli hackers allegedly compromised CCTV and traffic cameras to monitor Iranian leaders, while U.S. officials have hinted at cyber operations disabling Iran’s ability to communicate and coordinate. Iran, despite its reputation as a capable cyber power, has had limited visible cyber retaliation, with the most notable incident being a hack on U.S. medical tech firm Stryker. The lack of overt Iranian cyber activity raises questions about whether their capabilities have been degraded or if they are biding their time. The conflict underscores the growing integration of cyber warfare into modern military strategy, where digital operations complement kinetic strikes but remain largely unacknowledged in public discourse.
The article highlights the strategic ambiguity surrounding cyber warfare, where nations avoid disclosing capabilities to prevent adversaries from adapting. While the U.S. has been more open about its cyber operations in this conflict than in past engagements, experts argue that greater transparency could help establish norms and rules of engagement in cyber warfare. The use of AI and open-source intelligence to identify and target Iranian systems further illustrates the evolving nature of digital warfare. However, the lack of Iranian cyber retaliation remains puzzling, given their past attacks on critical infrastructure, such as the 2012 Aramco hack. The situation reflects the broader challenges of attributing cyber attacks and understanding their full impact in modern conflicts.
Full Take
The narrative presents cyber warfare as a critical but opaque dimension of the U.S.-Israel-Iran conflict, emphasizing its role in intelligence gathering, communication disruption, and strategic advantage. The strongest version of this narrative credits cyber operations with enabling precision strikes and degrading Iran’s defensive capabilities, framing it as a force multiplier rather than a standalone weapon. The article acknowledges the historical context of cyber attacks, such as Stuxnet, and highlights the strategic value of secrecy in maintaining operational advantage. However, the lack of overt Iranian cyber retaliation raises questions about whether their capabilities have been neutralized or if they are employing a more subtle strategy.
Patterns detected: ARC-0024 Ambiguity (strategic vagueness about cyber operations), ARC-0043 Motte-and-Bailey (publicly acknowledging cyber’s role while avoiding specifics to retain plausible deniability).
The root cause of this narrative is the paradigm of modern warfare, where cyber operations are integrated into traditional military strategies but remain classified to preserve tactical surprise. The unstated assumption is that cyber warfare is inherently asymmetrical, favoring nations with advanced technical capabilities and intelligence networks. This echoes historical patterns of technological dominance in warfare, from radar in World War II to drones in the 21st century.
The implications for human agency and dignity are profound. Cyber warfare blurs the lines between civilian and military targets, as seen in the hacking of medical tech firm Stryker and prayer-timing apps. The second-order consequences include the normalization of digital espionage and the potential for escalation in cyber conflicts beyond the current theater. Who benefits? Nations with robust cyber capabilities gain strategic leverage, while adversaries face degraded command and control. Who bears the costs? Civilians and private sector entities may become collateral damage in state-sponsored cyber attacks.
Bridge questions: What ethical frameworks should govern cyber warfare to protect civilian infrastructure? How might Iran’s apparent restraint in cyber retaliation reflect a broader strategy or limitation? What would it take to shift cyber warfare from a covert tool to a regulated domain of conflict?
Counterstrike scan: A coordinated influence campaign would amplify the narrative of cyber dominance to deter adversaries while downplaying vulnerabilities. The actual content aligns with this pattern by emphasizing U.S.-Israel cyber superiority and Iran’s limited response, but it does not exhibit overt manipulation. The article’s focus on operational secrecy and strategic ambiguity is consistent with standard military communication practices rather than a deliberate disinformation playbook.
Sentinel — Human
The article shows strong signs of human authorship, with stylistic irregularities, passionate emphasis, and contextual digressions that are unlikely to be generated by AI.
