Live Wire
00:29ZTASNIMNEWSTaliban says closure of Pakistani embassy in Kabul among options00:25ZAMKMAPPINGUkrainian drones, drone-boats attack Novorossiysk in Russia's Krasnodar Krai00:23ZPRESSTVPreparations underway for farewell ceremony honoring late Ayatollah Khamenei in Tehran00:21ZAMKMAPPINGRussian drones strike Kremenchuk in Poltava Oblast; at least 17 reported00:20ZOANNTVTyler Robinson preliminary hearing to be attended by Charlie Kirk's family00:17ZFARSNAPakistani military conducts ground and air operations along Afghan border00:16ZOSINTLIVEMonaco backpack bombing injures three people, including Ukrainian oligarch Vadim Ermolaev00:14ZFARSNEWSINIsraeli War Minister Katz comments on potential Iran attack scenario
Markets
S&P 500740.65 0.04%Nasdaq25,820 2.07%Nasdaq 10029,775 2.25%Dow521.33 0.07%Nikkei93.71 0.54%China 5031.77 0.16%Europe88.22 0.22%DAX40.5 1.05%BTC$59,898 1.45%ETH$1,603 3.04%BNB$557.1 1.83%XRP$1.05 1.56%SOL$74.69 5.45%TRX$0.3204 0.34%HYPE$66.34 8.91%DOGE$0.0732 0.91%RAIN$0.0159 2.54%LEO$9.56 1.45%QQQ$723.91 0.02%VOO$680.73 0.03%VTI$367.19 0.02%IWM$298.4 0.20%ARKK$80.6 0.01%HYG$80.03 0.03%Gold$368.45 0.03%Silver$52.92 0.47%WTI Crude$106.51 0.53%Brent$40.92 0.15%Nat Gas$11.43 0.06%Copper$37.08 0.39%EUR/USD1.1406 0.00%GBP/USD1.3230 0.00%USD/JPY161.86 0.00%USD/CNY6.7940 0.00%
CLOSEDNYSEopens in 12h 58m
The Monexus
Vol. I · No. 181
Tuesday, 30 June 2026
Saturday Ed.
Updated 00:31 UTC
  • UTC00:31
  • EDT20:31
  • GMT01:31
  • CET02:31
  • JST09:31
  • HKT08:31
← The MonexusOpinion

Israel's Cyber Directorate reports a threefold rise in Iranian-linked attacks across two wars

The head of Israel's Cyber Directorate says recorded Iranian-linked attacks roughly tripled between the country's two wars with Iran — a quantitative jump that recasts the cyber domain as a frontline rather than a sideshow.

By Monexus Staff Writer·mena·4-minute read·29 Jun 2026·Live on the wire ↗
@presstv · Telegram

Israel's National Cyber Directorate has put a number on something Western and Israeli officials have been gesturing at for months. According to reporting by PressTV citing the directorate, roughly 1,600 Iranian-linked cyber attacks were recorded during Operation Rising Lion — Israel's opening war with Iran — and that figure climbed to a substantially higher count during the follow-on operation, "Operation Feeding the L[ion]," a jump the directorate's head characterised as roughly a tripling of activity over the year.[1] A separate post on X by Sprinter Press restated the same figures on 29 June 2026, 19:22 UTC, attributing them to the same official briefing.[2]

The figure does not exist in a vacuum. It is the first time an Israeli official has publicly quantified the cyber dimension of the two wars at this resolution, and it lands at a moment when Israeli and US cyber operators are openly debating whether offensive cyber action is a substitute for, or merely an adjunct to, kinetic strikes.

What the number actually says

PressTV's framing leans on the Israeli directorate's own statement. Israeli public messaging on cyber has historically favoured operational silence, partly because disclosing intrusion volume can reveal which detection capabilities work and which do not. Putting a figure on the table — 1,600 incidents in one war, then roughly triple that in the next — is therefore a deliberate signal. It tells domestic audiences and allies that the threat is escalating; it tells adversaries that Israeli detection is sharper than they may have assumed; and it tells the foreign-policy audience that the cyber theatre is no longer subordinate to air and ground campaigns.

There is a caveat the wire coverage does not surface. "Iranian-linked" is an attribution label, not a confirmed-state-actor finding. Private hacktivist crews, criminal ransomware operators, and nominally independent proxies all operate under that umbrella in the public reporting. The directorate's methodology — what counts as an "attack," what counts as "linked" — is not in the public record from these briefings. That is the first place an independent reader should push back.

The structural shift underneath the headline

Cyber operations in the Israel–Iran confrontation have moved through three distinct phases. In the 2010s and early 2020s, the public record consisted mostly of denial-of-service nuisance attacks and a handful of well-publicised intrusions (the Shamoon-style disk-wipers, the Stuxnet-era precedents). Through the late 2020s, the volume and the targeting quality both rose — finance, water utilities, and industrial control systems appeared in Israeli and US advisories. By the period covered in the directorate's briefing, the cadence has reached a level at which Israeli officials are willing to describe it as a war domain rather than a background nuisance.

What changed is not just volume. It is the integration. Israeli and US strikes on Iranian nuclear and missile infrastructure during the two wars were preceded and accompanied by cyber operations designed to degrade Iranian air defence, communications, and command-and-control. The Iranian response is the inverse mirror of that doctrine: layered, distributed, and aimed at civilian-facing Israeli systems where the political cost of a partial outage is highest. The directorate's "tripling" figure is best read as the public footprint of that integration, not as a stand-alone statistic.

What remains contested

There is no public Israeli breakdown of how many of the recorded incidents achieved any operational effect, nor how many were blocked at the perimeter. Iranian state-aligned outlets have, in parallel coverage, framed their cyber activity as defensive retaliation for kinetic strikes, and have disputed Western attributions of specific incidents. The directorate's number is the headline; the denominator — successful intrusions versus detected attempts versus repelled probes — is what would actually settle whether the threat trajectory is as steep as the briefing implies.

It is also worth noting that PressTV is Iranian state media. The outlet is reporting Israeli official figures here, which gives the number a dual provenance, but the framing language ("tripled," "recorded") flows from the Israeli briefing, not from PressTV's own count. Readers should treat the quantitative claim as Israeli-attributed and the editorial spin as Iranian-channel-curated.

The forward view

If the trajectory holds, three things follow. Israeli critical-infrastructure operators should expect detection budgets and incident-response staffing to scale faster than headline defence spending suggests. Regional allies — particularly Gulf states that have absorbed a share of Iranian cyber activity in past years — will face pressure to align their own cyber doctrines with Israel's detection-and-attribution posture. And the question of whether offensive cyber is treated as a war-fighting domain under existing international humanitarian law will move from academic seminar to live policy negotiation.

For now, the number to watch is the next one. The directorate has put a stake in the ground at roughly 1,600 and then roughly triple that. Whether the third war's figure, if it comes, climbs further or plateaus will tell observers more about the underlying contest than any amount of ministerial rhetoric.

Desk note: Wire coverage of the briefing ran primarily through Iranian-state PressTV and the X account of Sprinter Press on 29 June 2026. Monexus framed the story on the Israeli attribution itself rather than on Iranian outlet spin, and flagged the "Iranian-linked" label as an attribution category rather than a confirmed state-actor finding.

Wire provenance

This editorial synthesis draws on the following public wire/social posts:

  • https://t.me/presstv/
© 2026 Monexus Media · reported from the wire