Israel is under sustained global-scale cyberattack, according to Microsoft’s Digital Defense Report 2025, released Thursday.
The annual study, covering trends between July 2024 and June 2025, ranks Israel third worldwide in the number of cyberattacks recorded during the first half of 2025, accounting for 3.5% of all global incidents. Only the United States, with 24.8%, and the United Kingdom, with 5.6%, faced more attacks.
Microsoft’s data points to an even starker picture in the Middle East and Africa, where Israel experienced 603 cyberattacks, roughly 20.4% of all incidents in the region, a rate far higher than any other country. The report underscores what it describes as an “exceptionally high” threat level against Israeli government institutions, as well as the public and private sectors. Government bodies remained among the most targeted, representing 17% of attacks during the period.
The report identifies Iran as one of Israel’s leading cyber adversaries, stating that about 64% of all Iranian state-linked cyber activity worldwide was directed against Israeli targets. According to Microsoft’s threat intelligence team, Tehran’s operations aim to gather intelligence on Israel, recruit individuals for hostile activity, disrupt vital services, retaliate without direct military confrontation and project technological power.
Microsoft notes that Iran’s cyber efforts have intensified alongside regional tensions and that its tactics increasingly blend espionage, influence operations and attempts to damage public trust. The report describes the campaigns as part of an ongoing cyber war between the two nations that parallels their wider strategic rivalry.
Beyond Iran, the company says Russia has expanded its cyber operations, with actors linked to Moscow targeting small businesses in countries that support Ukraine. These attacks often serve as entry points into larger corporations - a method that could also threaten Israeli companies with international operations or supply-chain ties.
Wartime surge in cyberattacks
While Microsoft’s global findings are based on data through June 2025, Israeli security and cyber officials report an unprecedented escalation in hostile cyber activity since the outbreak of the war against Hamas in October 2023.
The National Cyber Directorate reported a 24% increase in reports of cyber incidents in 2024, totaling roughly 17,000 cases. A separate report from the Shin Bet security agency found that the number of cyberattacks against Israel rose fivefold since the war began, compared with previous years. Private cybersecurity firms have documented even sharper spikes, some as high as 700%, in attempted attacks on Israeli targets.
The main sectors affected include communications, finance, technology, healthcare and critical infrastructure. Officials attribute the escalation directly to the geopolitical situation, saying that international conflicts are fueling state-backed cyber campaigns and hacktivist activity directed at Israel's critical infrastructure and government systems.
Criminals still pose the biggest day-to-day threat
Alongside state-backed operations, Microsoft highlights a parallel surge in financially motivated cybercrime. The company says more than half of all cyber incidents with identifiable motives in 2025 were driven by financial gain, including ransomware and extortion schemes. Only 4% of attacks were conducted solely for espionage.
The report describes a continuing reliance on familiar methods. About 28% of major breaches began with phishing or social engineering tactics, and 18% exploited vulnerabilities in exposed or unpatched systems. Hackers commonly obtain login credentials from leaked databases or use “infostealer” malware to harvest browser data and passwords.
Microsoft warns that many organizations remain vulnerable because of weaknesses in their Active Directory systems — the internal Microsoft framework used to manage employee access and permissions. Configuration errors in these systems, the company says, have become one of the most frequent entry points for hackers. The U.S. National Security Agency and the Cybersecurity and Infrastructure Security Agency (CISA) recently listed such flaws among the top 10 causes of corporate breaches, most of them tied to Windows or Active Directory misconfigurations.
AI becomes both a weapon and a shield
In its broader conclusions, Microsoft calls on corporate leaders to treat information security as a strategic national and business priority. Traditional defenses, the company warns, are no longer enough to deter increasingly sophisticated adversaries.
Artificial intelligence, it says, has transformed both sides of the cyber battlefield. Criminals and state actors now use AI to automate phishing campaigns, generate convincing fake messages and identify system weaknesses at scale. At the same time, AI tools are helping defenders detect threats faster and close security gaps in real time.
For organizations seeking basic but critical protection, Microsoft’s recommendation is clear: implement phishing-resistant multifactor authentication, or MFA. The company says MFA can block more than 99% of identity-based intrusion attempts, the root of nearly every cyber breach recorded worldwide.