The recent military campaign involving the United States and Israel against Iran, which has now stretched into a broader regional confrontation, has underscored the growing importance of cyber operations in state-level conflict, according to CloudSEK CEO Rahul Sasi.
Sasi characterized cyber activity as more than a series of isolated intrusions. Instead, he described many operations as "pre-positioned, long-term efforts that can be activated during periods of heightened tension." These campaigns, he said, are frequently blended into a broader strategic continuum and can include espionage, data manipulation, service disruption, or influence campaigns, all actions that often remain below the threshold of traditional military escalation.
Advances in artificial intelligence are changing the operational profile of such campaigns. Sasi noted that AI has improved both the scale and the sophistication of cyber activity by providing tools for quicker reconnaissance and more effective evasion techniques. He framed these developments as enabling actors to move faster and operate with increased subtlety in the digital space.
Public acknowledgment of cyber operations tied to the conflict has been limited among Western military officials. U.S. Central Command Admiral Brad Cooper has only hinted at the use of such capabilities during press briefings. By contrast, some Iranian-aligned groups have openly claimed digital actions. A notable example occurred earlier this month when an Iranian-backed hacking group claimed responsibility for a cyberattack on U.S. medical devices manufacturer Stryker.
Quantitative data cited in recent reporting further illustrates the scale and diversity of activity. Security firm DigiCert reported that nearly 5,800 cyberattacks have been attributed to almost 50 different groups with ties to Iran, with most targeting companies in the United States and Israel. DigiCert also identified attacks on networks in Persian Gulf states including Bahrain, Kuwait, and Qatar.
CloudSEK's own tracking showed a surge in activity among Iran-aligned hacktivist groups following the initial U.S. and Israeli strikes on Tehran in late February. The tracker identified more than 60 such groups mobilizing in the hours after those strikes. Sasi drew a distinction between operations led by the Islamic Revolutionary Guard Corps and those by hacktivists: IRGC-driven campaigns tend to emphasize persistence and strategic timing, while hacktivist groups act in a reactive and opportunistic manner.
Attribution, Sasi cautioned, remains a substantial challenge. The difficulty of confidently tying a particular incident to a specific actor complicates efforts to hold perpetrators accountable, undermines deterrence, and increases the likelihood of prolonged, low-intensity cyber activity.
Importantly, Sasi rejected the notion that cyberattacks are merely auxiliary to physical combat. He argued they are an integrated component of military strategy, employed before, during, and after kinetic engagements. The increasing intersection of cyber actions with civilian infrastructure, Sasi said, raises pressing questions about the resilience of critical systems and the protections required to safeguard them.
Summing up, Sasi emphasized that modern conflict extends into digital domains where access, persistence, and timing can produce strategic effects that are often not immediately visible.