The Foundation for Defense of Democracies (FDD) detailed a newly emerged group calling itself Cyber Isnaad Front that has claimed attacks on Israeli government, military, and private sector networks in recent days. While the group promotes itself as an independent Arabic-language hacktivist collective, security analysts say its tactics and targeting patterns mirror those of established Iranian-linked fronts, pointing to a likely connection with Tehran’s broader cyber operations.
“Cyber Isnaad Front opened a Telegram Channel on June 17 and, the next day, claimed to have successfully compromised Israeli defense contractors and critical infrastructure providers, exfiltrating data and destroying systems,” Ari Ben Am, an adjunct fellow at FDD’s Center on Cyber and Technology Innovation (CCTI), and Max Lesser, a senior analyst at CCTI, wrote in a Wednesday policy brief. “The group’s Telegram channel has fewer than 1,000 subscribers. Regardless of its small following, the group backed up its claims of success by posting employee data, documents, blueprints, and CCTV footage of offices and factories.”
While the FDD cannot authenticate the evidence, at least some of it appears to be genuine. The posted documents have no language issues or formatting problems. Other elements, such as CCTV footage, show no obvious signs of forgery.
They added that when posting about its alleged victims, the Cyber Isnaad Front uses a modified version of the inverted red triangle that Hamas’s al-Qassam Brigades places on military targets in propaganda videos. “The Telegram channel also links to an associated dark web site, where it salutes the Palestinian nation and the children of Gaza.”
Despite formal ceasefire agreements on the ground, the cyber war is far from over, according to a Tuesday post from the KELA Cyber team. Within just one week of Israel launching Operation Rising Lion to counter Iran’s nuclear ambitions, cyberattacks against Israeli targets surged by 700%. This spike was driven by a mix of state-backed operators and ideologically motivated hacktivist groups, keeping the digital battlefield as active as ever.
FDD detailed that Cyber Isnaad Front wraps itself in the imagery of Palestinian terrorist groups, yet its tactics strongly mirror those of Iranian hackers, particularly Emennet Pasargad, now operating as Aria Sepehr Ayandehsazan (ASA). ASA is considered one of Iran’s most skilled and prolific cyber actors, with a long history of targeting Israeli, U.S., and European networks.
The FDD notes that these patterns suggest Cyber Isnaad Front is far from independent and likely tied to Iran’s broader cyber operations. “Like ASA, Cyber Isnaad Front targets Israeli critical infrastructure, government agencies, and military suppliers. Both groups post high-quality videos and stylized images, and documents showcasing hacked data. Both groups also use dark web sites and similar rhetoric alleging Israeli war crimes.”
The brief added that the Iranian influence operation ‘Attack Alarm’ also shared content from Cyber Isnaad Front. “Unlike other Iranian and pro-regime threat actors, however, Cyber Isnaad Front uses human actors in its videos instead of screen recordings or other imagery. This may be a sign of Iranian hacktivists mimicking Russia’s use of actors in its influence operations.”
“Between June 22–24, pro-Palestinian groups launched coordinated cyber offensives across multiple sectors,” according to the KELA researchers. “Dark Storm Team claimed DDoS attacks that disrupted access to major Israeli institutions, including Mercantile Bank, Union Bank of Israel, BNP Paribas’ Israeli branch, the Central Elections Committee, and national portals like the Israel Export Institute and Tehila. Simultaneously, Gaza Children’s Group and Cyber Isnaad Front targeted Gilat Satellite Networks, alleging disruptions to military communications infrastructure (claims still unverified by KELA).”
Beyond Israel, hacktivist groups escalated their activities globally. Mysterious Team Bangladesh and LulzSec Black broadened their scope to U.S., European, and Arab targets, with LulzSec Black issuing a manifesto threatening nations like the UAE and hinting at future operations against Argentina.
Meanwhile, KELA added that following U.S. airstrikes on Iranian nuclear sites, Iranian-linked groups like CyberAv3ngers are expected to intensify cyber operations against U.S. entities, with the Department of Homeland Security warning of a ‘heightened threat environment.’ Past deployments of malware such as IOCONTROL suggest that espionage, phishing, and OT/IoT targeting could be in play. In a telling social media post, the hacktivist collective Anonymous accused Russia of facilitating U.S. strikes, reflecting how cyber narratives are becoming entangled with geopolitical propaganda.
Last month, the U.S. Department of State said it is offering up to US$10 million for information on a hacker operating under the alias ‘Mr. Soul’ or ‘Mr. Soll’ that could help identify or locate members of Iran’s Islamic Revolutionary Guard Corps (IRGC) linked to cyberattacks on U.S. critical infrastructure. Six individuals have been charged under the Computer Fraud and Abuse Act for their involvement in the campaign.
