Israel logged roughly 4,800 hostile cyber incidents in June 2026, up from about 1,600 a year earlier, the head of its National Cyber Directorate told a German newspaper.
The fighting between Israel and Iran has a ceasefire. The fighting in cyberspace does not, and the numbers from the past year show it widening rather than cooling.
Yossi Karadi, director general of Israel’s National Cyber Directorate, told the German newspaper Die Welt that the country registered around 4,800 hostile cyber incidents in June 2026, roughly three times the some 1,600 it logged in the same month of 2025.
Both figures fall in periods of open military conflict between the two countries, which makes the year-on-year jump the more striking measure of how far the digital campaign has escalated.
Karadi framed the contrast in plain terms. “Unlike in the kinetic realm, there’s no ceasefire in cyberspace,” he said. The remark lands harder against the backdrop of a year in which the kinetic realm produced one.
The 💜 of EU tech
The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!
The attacks, according to Karadi, were aimed at a broad spread of targets: the systems behind Israel’s critical infrastructure, large central organisations, small and medium-sized companies, and ordinary members of the public. Among the smaller victims he named law practices and accounting firms, the sort of businesses that hold sensitive client data without the security budgets of a utility or a bank.
What he stopped short of claiming was a breach of the most sensitive systems. “So far, and hopefully it stays that way, we’ve managed to fend off attacks on critical infrastructure,” Karadi said. The hedging is deliberate. A cyber chief counting incidents in the thousands is not in a position to promise the streak holds.
He also flagged a qualitative shift rather than a purely numerical one. Some of the groups operating against Israel are, in his assessment, genuinely capable. “Some groups are very skilled,” he said. “We can handle them, but we have to take them seriously.”
That phrasing, capable but contained, runs through much of how Israeli officials have described the Iranian cyber threat over the past year.
It tracks with what Karadi himself said earlier in 2026, when he described Iran’s hackers as coordinating more closely than before, pooling effort across what had previously looked like a scatter of loosely affiliated groups. A more organised adversary is a harder one to count, and a harder one to keep out.
The incident totals are the directorate’s own tally, and Karadi did not publish a breakdown of how the 4,800 figure divides between serious intrusions and the low-grade probing that fills the daily noise of any national network.
That distinction matters, because not every “incident” is an attempted breach of a power grid. Many are nuisance-level attempts that never get close.
What is not in question is the direction of travel. The cyber dimension of the Iran-Israel confrontation has expanded across two consecutive summers of open conflict, and the official charged with defending against it is describing an adversary that is both more active and better organised than a year ago.
The geopolitics of that contest reach well beyond the two countries. Iranian-linked groups have featured in market-moving episodes across the region, and Western security agencies have repeatedly warned of spillover against companies and infrastructure far from the front line. A ceasefire on the ground, by Karadi’s account, has not extended to the networks.
Get the TNW newsletter
Get the most important tech news in your inbox each week.