
January 2026 | Malanta Research | 7 min read
Executive Summary
Malanta's continuous monitoring of attack infrastructure reveals a striking correlation between geopolitical tension and pre-attack activity. Analyzing over 4.6 million domains and nearly 2 million domain updates throughout 2025, we observed significant spikes in attack infrastructure staging that align with key events in the Israel-Iran conflict.
Key Statistics:
- 4.6M+ Domains Monitored
- 1.95M Domain Updates
- +142% Domain Update Increase at the Oct-Nov Surge (vs. January)
This analysis demonstrates that adversaries prepare attack infrastructure in anticipation of or in response to geopolitical events. By monitoring Indicators of Pre-Attack (IoPAs), organizations can gain critical lead time before attacks execute.
The Hypothesis
Our working hypothesis: Attack infrastructure activity correlates with geopolitical tension, providing early warning signals of impending cyber operations.
We tested this by analyzing domain registration updates and SSL certificate issuance patterns throughout 2025, overlaying known geopolitical events:
- June 2025: Israel-Iran military escalation (+700% cyberattack increase)
- October-December 2025: Anniversary period of October 7, sustained regional tension
Key Finding: Domain update activity increased from 97,821 in January 2025 to 236,973 in November 2025, a 142% increase correlating with Israel-Iran tension.
Domain Activity Surge
Attack infrastructure requires preparation. Adversaries must register domains, configure DNS, and establish hosting before launching operations. Our monitoring reveals clear patterns.
Monthly Domain Update Analysis:
- January 2025 (Baseline): 97,821
- June 2025 (Iran Conflict): 148,482 (+52%)
- October 2025: 211,985 (+117%)
- November 2025 (Peak): 236,973 (+142%)


The data shows a consistent upward trend throughout 2025, with acceleration during periods of geopolitical tension. The October-November peak aligns with the anniversary of the October 7 events and sustained regional conflict.
SSL Certificate Patterns
SSL certificates are another critical Indicator of Pre-Attack. Attackers need valid certificates to stage convincing phishing infrastructure. A surge in certificate issuance often precedes attack campaigns.

Certificate issuance grew from 7,405 in January 2025 to 26,512 in December 2025, a 258% increase.
Why SSL Certificates Matter: Modern phishing attacks require SSL certificates to appear legitimate. A surge in certificate issuance signals attackers preparing infrastructure.
INCD Data Correlation
Israel's National Cyber Directorate (INCD) publishes annual incident statistics. This official data validates our observations.

INCD Incident Statistics:
- 2021: 11,000+ verified incidents (Baseline)
- 2022: 9,108 verified incidents
- 2023: 13,040 verified incidents (+43%) - October 7 War
- 2024: 17,078 verified incidents (+31%) - Sustained conflict
"68% of 2023's 13,040 incident reports were received during the October 7 to December 31 war period. 800 cyber incidents with significant potential damage were prevented or thwarted." — Israel National Cyber Directorate
Timeline Analysis
Mapping attack infrastructure activity against geopolitical events reveals clear correlation patterns.

Key Correlation Points:
- June 2025 (Israel-Iran War): Radware reported +700% increase in cyberattacks over two days.
- October-November 2025: Domain activity peaked at 236,973 updates, and certificate issuance reached 21,149.
- Attack Types: DDoS attacks, infiltration attempts, data theft, malware distribution.
The Pre-Attack Window
Every cyberattack requires infrastructure prepared before execution. This creates the "setup window" - the gap between when attackers prepare and when they strike.

Infrastructure Classification (4.6M+ domains):
- 2.2 million (48%) classified as Malicious
- 2.4 million (52%) classified as Indicators of Pre-Attack

Conclusion
The data supports our hypothesis: attack infrastructure activity correlates with geopolitical tension. Throughout 2025:
- 142% increase in domain update activity (January to November)
- 258% increase in SSL certificate issuance (January to December)
- Clear alignment with the June 2025 Israel-Iran conflict and the October-November anniversary period
- Validation from INCD statistics showing 31-43% annual increases
For organizations connected to Israel, monitoring Indicators of Pre-Attack is critical. Geopolitical tension creates predictable patterns in attack infrastructure activity. By tracking IoPAs, security teams can anticipate threats before attacks execute.
"The setup window represents the opportunity for pre-attack prevention." — Malanta Research








