Shafaq News

Cyberattacks are quietly reshaping the Middle East, turning everyday systems—from banks to power grids—into potential targets. Across the region, states face growing challenges as advanced digital tools make attacks faster, more precise, and harder to detect, highlighting stark contrasts between countries with robust cyber defenses and those vulnerable to disruption.

The rising threat raises urgent questions about whether Middle Eastern nations are equipped to safeguard critical infrastructure from large-scale cyber assaults.

Weak Tech Shield

Cyberattacks take many forms, including infiltrating government or corporate networks, spreading malware, disrupting essential services like power and communications, exfiltrating sensitive data, and shaping public opinion or election outcomes.

Iraqi security expert Ali al-Maamari emphasized that Iraq, like many regional neighbors, currently lacks the capacity to manage cyber warfare on a large scale.

“Countries, including Iraq, Lebanon, Syria, and Yemen, are not equipped to handle these sophisticated digital threats due to weak technical infrastructure and the absence of clear cyber emergency plans,” al-Maamari explained to Shafaq News.

Read more: Iraq: A soft target in the Middle East’s cyber battlefield

He also noted that Iraq’s security leadership remains focused on conventional warfare, while cyberspace has emerged as a fully operational battlefield, with no strong external framework overseeing the country’s cyber defense.

“These attacks targeting essential sectors such as banking, energy, and communications could paralyze the state entirely,” he added.

Rapid digital transformation has made cyberattacks a central tool of modern conflict, often replacing direct military engagement, according to cybersecurity specialist Mustafa al-Moussawi. He highlighted Israel’s advanced capabilities, pointing to specialized units able to disrupt electricity, water, and government services.

Yet al-Moussawi observes a paradox in Iraq and Yemen, where underdeveloped digital infrastructure makes large-scale breaches technically difficult. “Weak technological systems, despite their drawbacks, may unintentionally serve as a shield against advanced cyberattacks,” he explained.

Read more: Iraq’s golden opportunity: A new dawn for regional influence

While countries such as Saudi Arabia, the UAE, Qatar, and Morocco have made significant strides in cybersecurity, Israel and the United States maintain technological dominance. Al-Moussawi noted that Iraq depends almost entirely on American-made devices, servers, and technologies, yet some assume these systems are immune to breaches from the same sources.

“This reflects a dangerous gap between technological adoption and security awareness,” he concluded.

Read more: Brainpower and bytes: Iraq’s race for AI supremacy

New Front Line

Yemen provides a vivid example of regional cyber risks. A July 2025 report by The Cradle revealed that from October 2023, the United States and Israel intensified cyber-espionage operations against the Houthis, using deceptive messages, recruitment ploys, and front organizations to penetrate the group’s internal networks.

Authorities in Sanaa, however, reported the dismantling of over 1,780 spy cells since 2015, along with the interception of “Unit 400,” a joint US-Israeli operation active along the western coast in May 2024.

The campaign, the report added, aimed to fill an “intelligence vacuum” in Yemen after the Houthis joined direct confrontations alongside Gaza, underscoring how digital warfare now extends beyond traditional battlefields.

Retaliation Strategy

Political analyst Ali Akbar Barzanouni highlighted that Iran recognizes the growing cyber threat and is systematically developing both defensive and offensive capabilities.

“Iran is establishing quiet alliances with partners like Yemen, promoting knowledge, technology sharing, and coordinating with countries such as Russia and China,” Barzanouni conveyed to Shafaq News, stressing that cyber defense alone is insufficient and retaliatory operations are crucial to deter attacks on Iranian infrastructure.

The 2010 Stuxnet virus attack on the Natanz nuclear facility prompted Tehran to increase cybersecurity investment by more than 120% over five years. By 2012, it had established the Supreme Cyberspace Council to oversee digital strategy through 2030 and has since supported the launch of over 50 domestic cybersecurity startups.

Currently, Iran allocates roughly $1.2 billion annually to cybersecurity. While modest compared with global powers, this figure surpasses the budgets of most Arab states. The Iranian military integrates cyber capabilities with missile and drone operations, enhancing readiness for reciprocal attacks.

Iran is also developing closed regional networks with allies in Lebanon, and Iraq to secure data transfers outside global networks, reducing vulnerability to intrusion.

Over the past decade, Tehran has institutionalized cyber warfare under its Islamic Revolutionary Guard Corps (IRGC), particularly through the Cyber Electronic Command and Shahid Kaveh units, which coordinate cyber operations and counter-intrusion programs. These entities protect critical infrastructure—nuclear, energy, and defense facilities—while conducting precision counter-cyber missions against hostile states.

Iran’s cyber divisions have also evolved into one of the most active state-linked hacking ecosystems in Asia. Groups such as APT33 (Elfin), APT34 (OilRig), and Charming Kitten (APT35) have targeted financial, defense, and governmental institutions across the United States, and Israel. Their operations employ customized malware and credential-harvesting campaigns designed to collect intelligence or disable adversarial systems.

Unlike most Arab states reliant on imported software and foreign-managed networks, Iran has built a largely domestic digital ecosystem. The National Information Network (NIN)—a semi-isolated national internet—now connects over 60% of government agencies and more than 3,000 public platforms, ensuring continuity of state communication in the event of external disruption.

While Israel retains regional superiority, Iran’s strength lies in state integration and self-reliance. A 2025 assessment by the International Institute for Strategic Studies (IISS) ranked Israel first in the Middle East for offensive cyber capacity, with Iran second, followed by the UAE and Saudi Arabia. Iran, however, outperformed most Arab nations in defensive maturity and indigenous technical production, narrowing the gap.

As Barzanouni emphasized, “Iran’s cyber doctrine no longer views the digital domain merely as a shield but as a deterrent weapon integrated into its broader strategic calculus.”

Cyber Exposure

In Lebanon, online networks remain exposed to persistent threats from foreign surveillance and proxy cyber operations, a vulnerability amplified by limited resources and aging infrastructure.

The absence of a unified national cybersecurity framework has left state institutions, telecom operators, and banks operating in isolation — a setup specialists describe as a “permanent open gate for digital infiltration.”

Dr. Mohammad Awada, an EdTech specialist, explained to Shafaq News that, unlike countries with centralized cyber-defense systems, Lebanon functions ‘’in silos, giving foreign actors — particularly Israel — unprecedented access.”

Between 2020 and 2024, the Lebanese Information Technology Association reported over 2,300 cyber incidents. In one 2022 case, hackers infiltrated a Beirut-based telecom provider and released customer data linked to political groups and NGOs, highlighting the fragility of national digital systems.

Israeli intelligence has also maintained continuous digital surveillance across Lebanon, focusing on communication channels connected to Hezbollah, the Ministry of Telecommunications, and state security agencies. In 2021, investigators traced several network breaches to Israeli-linked malware designed to disrupt internal coordination.

A 2023 joint report by the University of Toronto’s Citizen Lab and Amnesty International confirmed the deployment of Pegasus spyware against Lebanese politicians, journalists, and Hezbollah media staff, with servers operating from Israel and Cyprus channeling stolen data from compromised devices.

Awada further cited the 2024 explosions of pagers and walkie-talkies used by Hezbollah as a “clear example of how cyber and kinetic tactics are now intertwined,” noting that the devices had been compromised during manufacturing, exposing a sophisticated supply-chain breach.

Lebanon’s strategic location has also made it a testing ground for regional cyber tactics. Some attacks on its national networks acted as trial runs for broader operations in neighboring states, allowing actors to refine malware and infiltration methods.

‘’Israel’s intelligence services have long treated Lebanon as a live testing ground for cyber operations,” Awada emphasized, adding that it combines psychological and digital tactics to monitor and influence Lebanese targets.

Despite efforts by Lebanon’s General Directorate of General Security (GDGS) and the Information Branch to strengthen defenses, overlapping jurisdictions and limited funding continue to hamper coordination.

The Cybersecurity Strategy 2022–2027 remains under-resourced, with an annual budget of around $20 million — largely covering maintenance rather than advanced threat detection. By comparison, Israel allocates more than $3 billion annually and employs over 15,000 cyber professionals, while Lebanon has fewer than 400 experts.

Awada highlighted that most critical Lebanese institutions still rely on foreign-hosted servers and unsecured cloud systems, adding that ‘’Lebanon has no systematic data-protection law, no national CERT capable of rapid response, and no long-term digital-sovereignty plan.”

Still, universities and private firms are beginning to fill some of these gaps. The Lebanese American University and the American University of Beirut now offer programs in digital forensics, while local companies such as DarkShield Lebanon and TechWave focus on securing banking and healthcare networks.

Awada called for the establishment of a national digital-security council to bring together telecom operators, intelligence agencies, and universities under a single coordinated response framework.

“Cybersecurity isn’t just about firewalls,” he concluded. “It’s about sovereignty — whoever controls your data controls your future.”

Spyware Target

Jordan faces its own cyber threats, despite not being directly engaged in regional conflicts. Political analyst Hazem Ayad reported to Shafaq News that the country recorded 1,600 digital attacks this year, mostly low-level threats.

“The next phase could be significantly more dangerous,” Ayad warned, noting that if Israel, with US backing, targets Jordan, Saudi Arabia, or Egypt, regional cooperation and robust cyber systems become essential.

Ayad further highlighted Israel’s “formidable digital espionage capabilities,” including sophisticated spyware such as Pegasus, which has infiltrated security systems across the region.

Data from Jordan’s National Cybersecurity Center shows that in 2022, more than 50 government and educational institutions faced advanced phishing attacks. In 2023, hackers attempted breaches of the energy sector, prompting Amman to launch a national cybersecurity plan covering 2023–2027.

Jordan’s cybersecurity budget, approximately $70 million annually, remains small compared with the UAE’s $1.5 billion. The country also confronts a shortage of skilled professionals, needing an estimated 5,000 cyber experts by 2030 but currently hosting only 700, many of whom work abroad.

Ayad observed that Jordan’s geographic position could turn it into a data transit hub, potentially exploited in broader regional conflicts, and further reinforcing the need for strong domestic and regional cyber cooperation.

The struggle for digital sovereignty in the Middle East goes beyond firewalls and cybersecurity specialists. It reflects a wider contest over who will shape the region’s future and who risks being left behind. Israel’s cyber edge stems not only from advanced technology but also from an ecosystem that combines innovation, intelligence, education, and capital.

By contrast, Arab cybersecurity remains fragile, largely due to gaps in political will and strategic planning rather than inevitability.

Addressing this challenge requires more than emergency cyber units or short-term financial investment. The region needs a comprehensive digital sovereignty strategy: cultivating cybersecurity skills from an early age, building secure domestic networks, and forging regional partnerships to reduce dependence on global technology monopolies. Without a clear vision to shape its own digital future, the region risks letting others determine it.

Written and edited by Shafaq News staff.

Source