The Cyber Wars That Weren’t
Editor’s Note: this article is being republished with the permission of the Irregular Warfare Initiative as part of a republishing arrangement between IWI and SWJ. The original article was published on December 30, 2025 and is available here.
At the onset of the Israel-Iran conflict, news websites warned the public of the possible collateral damage the Israel-Iran fight could generate in cyberspace. The ominous warnings about the hacktivists flocking to both sides of the conflict were remarkably similar to those issued at the onset during the beginning of the Russia-Ukraine and Israel-Hamas conflicts. Yet, despite the participants of these conflicts standing as some of the most cyber-capable states in the world, activities in cyberspace failed to translate into a meaningful battlefield effect, drawing into question the military utility of offensive cyber operations. This article analyzes the use of offensive cyber operations across the Russia-Ukraine, Israel-Hamas, and Israel-Iran conflicts and outlines lessons learned for how offensive cyber operations can factor into future conflicts.
Jumping the Gun? Timing Cyber & Kinetic Attacks
The onset of hostilities in all three conflicts included a flurry of cyber activity seemingly in tandem with attacks in the physical domain. Yet, there are meaningful differences regarding the nuanced timing of these cyberattacks that are indicative of two distinctly different offensive cyber strategies.
In the Russia-Ukraine conflict, Russia’s perpetual harassment of Ukraine in the virtual domain intensified with a wave of significant cyberattacks targeting Ukraine a full month prior to Russia’s kinetic attacks. This was followed by a second wave of significant cyberattacks in the 24 hours immediately preceding Russia’s multi-axis invasion of Ukraine.
In contrast, the months and days preceding Hamas’s attack on Israel were as unremarkable in cyberspace as they were the physical domain. Then, on October 7, 2023, Hamas launched its first cyber salvos twelve minutes after Hamas initiated its highly coordinated, multi-axis surprise attack against Israel. Lastly, on June 13, 2025, Israel launched its own surprise airstrikes against Iran while appearing to wait nearly a week to launch any major cyberattack against Iran.
Russia’s use of cyberattacks preceding a ground invasion in Ukraine bear similarities to Russia’s use of offensive cyber prior to its invasion of Georgia in 2008, yet Russia’s belligerent cyber against Ukraine provided early evidence and warning of the pending invasion. In contrast, the lack of preceding cyberattacks against Israel in the run-up to Hamas’s October 7th attacks likely reflect a prioritization of operational security which almost certainly made the attack in the physical domain more effective. Prioritizing operational security for kinetic attacks in the physical domain and delaying attacks in cyberspace appeared to be Israel’s preferred strategy as well.
Global Virtual Participation in Physically Regional Conflicts
In the physical domain, the Russia-Ukraine, Israel-Hamas, and Israel-Iran conflicts are best categorized as regional conflicts fought by singular actors on each side. In the cyber domain, however, all three conflicts are global. In each of these instances, a variety of “hacktivist” groups and cybercriminals quickly entered the fray, with different groups fighting on either side of each conflict.
For the Russia-Ukraine conflict, Ukraine both encouraged and embraced wide-ranging hacktivist support while Russia quietly received at least some level of non-government hacktivist support augmenting its own cyber-capable intelligence services and military units. Yet for both the Israel-Hamas conflict and Israel-Iran conflict, the greater preponderance of hacktivist groups attacked Israel regardless of Israel’s status as the victim of the Israel-Hamas conflict and aggressor in its conflict with Iran.
All Bark and No Bite?
Although the Russia-Ukraine conflict is ongoing, available evidence suggests that cyberattacks have had only a limited impact in all three of the conflicts. Rather, the impact of cyber appears to be negligible and overshadowed by events occurring in the physical domain.
At the onset of the Russia-Ukraine conflict, analysts and pundits feared Russian cyberattacks would take down Ukraine’s critical infrastructure and the Ukrainian people’s ability to rally behind its government and military. While Ukraine’s electric grid, water supply, and other critical infrastructure elements indeed fell under Russia’s crosshairs, glide bombs, unmanned aerial vehicles, and ballistic missiles proved to be the preferred weaponry or at least more effective than cyberattacks.
Similarly, initial accounts that hackers breached Israel’s Iron Dome missile defense system prompted fear Hamas’s missiles would freely rain across Israel. In actuality, Israeli missile defense appeared to remain largely capable of defending against rocket attacks while physical hostage taking, not rocket launches, loom as the Hamas’s most effective tactic employed against Israel thus far.
For the Israel-Iran conflict, a pro-Israeli group claimed credit for an attack against an Iranian bank and cryptocurrency exchange. Additionally, it was probably a cyberattack that was responsible for Iranian state TV broadcasting anti-regime messages but none of these actions appear to have meaningfully impacted the conflict.
In all three cases, the fear of what cyberattacks might do outpaced what cyberattacks accomplished in these conflicts. Although the timing of cyberattacks at the onset of hostilities in these conflicts indicates that Russia, Hamas, and Israel factored offensive cyber operations into their planning, both state-sponsored actors and hacktivist groups have yet to translate such activity into more than tactical disruption. Cyberattacks in all three conflicts appear to have failed to result in any meaningful impact on the overall state of these conflicts.
Lessons for Future Conflict
For advanced offensive cyber powers like the United States and United Kingdom, these conflicts offer great insight into the potential role of cyberattacks in future conflicts. At the core are policy issues, military strategy considerations, and operational planning lessons worth understanding.
From a policy standpoint, the most significant revelation is that cyberattacks have not sparked any escalation in either conflict. This is significant given the inherent concern regarding escalation for any conflict involving nuclear powers. While there certainly have been issues and events in the physical domain, such as attacks on the Kerch bridge, or airstrikes in Lebanon, which resulted in at least short-term escalation in both the Russia-Ukraine and Israel-Hamas conflicts, neither Russia nor Ukraine appear phased by the ongoing spate of cyberattacks. Meanwhile both Israel-Hamas and Israel-Iran have largely abandoned cyberattacks and appear unconcerned with the ongoing low-level hacktivist cyberattacks launched on their behalf.
Perhaps linked with the lack of escalation in cyber, is the lack of attribution by cyberattack victims. While many hacktivist groups quickly claimed responsibility for their attacks, the victims of cyberattacks remained quiet during both conflicts. Although it’s more difficult to identify the perpetrators of a cyberattack than an attack in the physical domain, it is well within the capabilities of Ukraine, Russia, Israel, and Iran to do so if they wanted to.
The policy implication here is that the lack of public attribution, let alone reprisal or escalation, means both state-sponsored actors and hacktivist groups can wage cyberattacks with little fear of recourse. Given what transpired thus far in each studied conflict, one should expect states with offensive cyber programs could become opportunistic in conducting cyberattacks during conflict regardless if they are a direct participant or a third-party partner. Cyberattacks may even be the ideal tool for third-party interventionist states to impose costs and weaken adversaries otherwise distracted by higher priority hostilities in the physical domain.
From a military strategy standpoint, the value of cyberattacks in support of military operations remains uncertain. History will show Russia fumbled its invasion of Ukraine in multiple ways. In the cyber domain, Russia’s actions may have actually been counterproductive. Not only did Russian cyberattacks fail to intimidate Ukraine’s population or set conditions for a quick government capitulation, Russia’s cyberattacks against Ukraine served as an indication of the impending invasion and bolstered the West’s public characterization of Russia as an undeterred aggressor. Hamas employed a different cyber strategy, which ensured actions in the cyber domain did not undermine operations in the physical domain, but were nonetheless insignificant in terms of the overall conflict.
From an operational planning perspective, cyberattacks will not “knock down the door” in advance of kinetic attacks and are not suited to providing the decisive blow in a conflict. Cyberattacks are most usefully viewed akin to sabotage operations, in that both can be conducted behind enemy lines to support the overall war effort but not in a manner that will necessarily generate headlines or be immediately understood by the general public. Much like sabotage operations, ensuring the maximum impact of cyberattacks depends on intentional targeting efforts to understand when and where to best exploit an adversary’s critical vulnerabilities.
Another operational planning consideration is that the large number of moderately capable hacktivists joining conflicts should dissuade state-level actors from pursing easily accessible or vulnerable targets of opportunity an effort to “do something” right away. Pursuing such low-hanging fruit becomes problematic since hacktivist groups typically employ a similar strategy of striking easily accessible targets of opportunity first. The low barrier to entry in the cyber domain means multiple state-sponsored and hacktivist groups may inadvertently and unknowingly work the same target. When this happens and the one group launches a cyberattack against the target, it will typically render everyone else’s work moot and efforts wasted. To avoid this situation, cyber-capable states are best assuming hacktivist groups will seize easily accessible targets and focus on the strategic value of possible cyber-target over ease of access.
Conclusion
In an increasingly digital world, it makes sense that warfare also goes digital. The Russia-Ukraine, Israel-Hamas, and Israel-Iran conflicts both provided glimpses into what the future convergence of physical and digital warfare may look like. Growing digital connectiveness equates to more potential cyber targets and a growing tech savvy populace equates to more potential digital combatants. As such, cyberattacks are likely to remain an element of warfare, whether employed by civilian hacktivists or state-level actors.
In terms of overall international security, it is a good thing that cyberattacks did not spur escalation in either conflict. For practitioners of both offensive cyber and cybersecurity, this lack of escalation also means cyberspace remains a domain of action where a wide range of actors will continue to attack one another in support of their respective cause. Understanding the use of cyberattacks in both the Russia-Ukraine, Israel-Hamas, and Israel-Iran conflicts and applying lessons learned from these conflicts should enable future combatants to more effectively leverage the cyber domain during times of conflict.
Disclaimer: The views expressed in this article are those of the author and do not reflect the official policy or position of the United States Army, Department of Defense, or the United States Government.
Check out all that Small Wars Journal has to offer and be sure to check out all our IWI republishing.
