What role has cyber warfare played in Iran?

Joe Tidy, Cyber correspondent, BBC World Service

When it comes to military firepower, the US and Israel are not shy about how they are attacking Iran.

With professional photos and slick videos, US Central Command has been posting every few hours on social media about the kinds of weapons, jets and ships being used.

But the US and Israel are far more coy on what is happening in cyber-space.

Over hours of press conferences, speeches and dozens of social media posts, mentions of cyber operations are vanishingly rare.

But cyber is indeed playing a significant role in this war, as commander of the US Central Command Admiral Brad Cooper recently hinted in a press update.

"We continue with strikes into Iran from seabed to space and cyber-space," he said.

Here is what we know about the types of cyber operations being carried out - and what it tells us about modern warfare.

Before missiles were fired

Cyber-espionage and hacking are known to play a large role in so-called "pre-positioning" for war.

General Dan Caine, chairman of the joint chiefs of staff at the Pentagon, described in a press conference how the war was enabled by months, in some cases years, of planning that went into preparing the so-called "target set" for strikes.

US and Israeli hackers could have infiltrated key computer networks in Iran long before any actual strike was planned.

Computer networks behind air defences or military communications would have been high-priority targets.

The Financial Times was told by unnamed sources that CCTV and traffic cameras had been hacked by Israel to create an enormous surveillance network, in order to establish so-called "patterns of life" of Ayatollah Ali Khamenei and his commanders in preparation for the strike that killed him.

Internet-connected cameras have become a target in cyber warfare as they "offer real‑time situational awareness of streets, facilities, and movement at very low cost," said Sergey Shykevich, threat intelligence expert at cyber-security company Check Point.

Commentators say this kind of information would be used alongside more traditional intelligence - such as that gathered from human spies.

"Cyber isn't usually the decisive weapon on its own; it's a force multiplier that helps shape the information environment and supports operations happening on the ground," said Tal Kollender, former Israeli military cyber-defence specialist and founder of cybersecurity platform Remedio.

General Dan Caine is one of the highest-ranking figures in the US military

In a press conference given after the initial strikes, operatives in US Cyber Command and US Space Command were described by Gen Caine as the "first movers", disrupting and "blinding Iran's ability to see, communicate and respond".

Some commentators suggest mobile phone towers were jammed or shut off to prevent the Ayatollah's security team from being warned about incoming jets, for example.

This is not confirmed but we have seen this in other conflicts, such as the war in Ukraine.

US Defence Secretary Pete Hegseth also boasted during a more recent press conference that members of the Iranian military "can't talk or communicate, let alone mount a coordinated and sustained offensive".

The comments echo the words of President Trump when praising the success of the abduction of Venezuelan President Nicolas Maduro. "The lights of Caracas were largely turned off due to a certain expertise that we have," he said after that operation.

It has not been confirmed if the president was referring to a cyber-attack, but in the newly-published US Cyber Strategy he went further in praising his cyber forces for that specific operation, saying that they rendered "our adversaries blind and uncomprehending during a flawless military operation".

Israel is also being accused of hacking a popular Iranian prayer-timing app called BadeSaba which has 5 million downloads.

Reuters reported that a push notification was sent to users just as the bombs began to hit saying "help has arrived".

Secretary Hegseth has held many press conferences outlining the scope of powers the US has

Secretary Hegseth spoke this week about the continuing operation of "hunting for more systems to kill" - and cyber may well play a role in this stage of the war with operatives using open source intelligence, satellite imagery analysis and cyber-espionage to locate military targets in Iran.

Artificial Intelligence (AI) tools are probably being heavily employed in this work too. A possible hint of this came again from Hegseth, who praised an intelligence operative he saw in action.

"I was talking to a young colonel who's iterating on how we target and how we find and fix different aspects of what the Iranians are trying to do," he said, being careful not to give away too much detail.

The US and Israel have a long history of carrying out significant cyber attacks against Iran and are famously secretive about them.

For example, officials are still cagey about the infamous destructive Stuxnet hack on Iran's uranium enrichment facilities in 2010.

"If a country openly describes its capabilities or specific operations, it risks revealing techniques, access points, or intelligence sources that could be shut down quickly by adversaries," said Kollender.

"In cyber, the value of a capability often depends on the other side not knowing exactly how it works," she added.

Despite this, Dr Louise Marie Hurel from the Royal United Services Institute has been pleasantly surprised by the information the US is disclosing.

But she argues the war has shown that cyber should be talked about in the same way as conventional action to maintain rules of engagement.

"This is an opportunity for us to have a more public debate regarding the support and strategic advantage cyber provides in broader military campaigns and crisis.

"If cyber is openly acknowledged as integral to the strike package, it can help sharpen the questions about the laws of armed conflict, proportionality, and what counts as a use of force," she said.

A puzzling part of the ongoing war is that Iran has largely been visibly absent in the cyber domain.

The nation has long been regarded as a capable cyber power and although the western cyber-security world is braced for attacks either from the state or hackers linked to the state, there has been little activity so far.

It seems implausible that Iran is holding back in this war - so either they have been incapacitated by reported Israeli strikes, or they have been overestimated.

Their reputation has been earned by past attacks like the 2012 hack of long-time rival Saudi Arabia's oil giant Aramco that used 'wiper' malware to destroy 30,000 computers.

On Wednesday it was reported that an Iranian-linked hacking group, Handala, had hit medical technology firm Stryker with a so-called wiper malware attack.

As well as wiper attacks, Iran has been accused of attempting to meddle with critical national infrastructure to cause physical harm.

Hurel cautions against writing off Iran's ability to retaliate either directly or through vigilante hacker groups.

"I wouldn't jump to conclusions regarding Iran as we have seen considerable hacktivist activity, and public reporting has previously shown that patriotic hacker personas have sometimes been used as a facade for state-linked groups," she said.
