Israel ranks third worldwide in cyberattacks, Microsoft says

Israel ranks third in the world for the number of cyberattacks, behind only the United States and the United Kingdom, according to Microsoft’s 2025 Digital Defense Report. The data shows that 3.5% of all global cyberattacks were directed at Israel, compared with 24.8% targeting the U.S. and 5.6% the U.K.

In the Middle East and Africa, Israel topped the regional list, absorbing 20.4% of all cyber incidents, a total of 603 documented attacks.

Hacker.

The report highlights Iran as one of Israel’s most persistent adversaries in cyberspace. Roughly 64% of all Iranian cyber activity worldwide was aimed at Israeli targets, with goals ranging from intelligence gathering and service disruption to propaganda and technological displays of power.

Globally, government agencies were among the most frequently targeted, accounting for 17% of all identified attacks. However, financially motivated crime remained the dominant force behind most incidents. In 80% of cases, attackers sought to steal information, and in more than half of known attacks (52%), the motive was extortion or ransomware.

Only 4% of the attacks were driven purely by espionage. Despite the continued presence of state-sponsored operations, Microsoft noted that most organizations face threats from opportunistic cybercriminals seeking quick financial gain rather than geopolitical objectives.

Cybercriminals increasingly focus on essential public services, including hospitals, local authorities, and transportation systems, where attacks can directly affect citizens’ daily lives. These sectors remain vulnerable due to outdated infrastructure and limited security budgets, making them prime targets for financially driven hackers.

Microsoft’s report also points to an upsurge in state activity across the cyber landscape. China has expanded attacks on industries and non-governmental organizations worldwide to collect intelligence, often using covert infrastructure and newly discovered vulnerabilities.

Iran, in addition to targeting Israel, has extended operations to Europe and the Persian Gulf, focusing on shipping and logistics companies to obtain commercial data.

Russia, still engaged in the Ukraine war, has widened its focus to include small businesses in NATO countries, with such attacks rising 25% year over year.

North Korea was found to be deploying IT professionals abroad under false identities, funneling their earnings back to the regime to evade sanctions and acquire foreign currency.

The year 2025 marked a sharp acceleration in the use of artificial intelligence by both attackers and cybersecurity defenders.

Hackers now use AI to automate intrusions, identify vulnerabilities, and develop adaptive malware, while defense agencies are leveraging AI to detect and counter threats more efficiently.

Microsoft also reported a 32% increase in identity-based attacks, incidents in which attackers impersonate victims using stolen personal information. In the first half of 2025 alone, such attacks surged dramatically, with 97% relying on compromised passwords.

Most were conducted through mass password guessing or by exploiting credentials stolen from data leaks or malware. These login details are often traded on the dark web, enabling widespread exploitation.