Just days ago, Hamas militants launched an unprecedented attack on Israel, plunging Palestine and Israel into horrific conflict.
With the conflict between the two countries escalating, cyberthreat actors and hacktivists have been engaging in offensive operations on both sides. Reportedly, around 15 known cybercriminal and hacktivist groups have participated in cyber attacks.
Some of the most notable groups among them are Anonymous Sudan and Killnet, allegedly Russian-state-sponsored groups, which have each publicly claimed they will target Israeli government systems.
A Look at the Offensive Operations of Pro-Hamas Threat Actors
At this stage in the war between the two countries, there has been a substantial amount of activity leveraged against Israel by Pro-Hamas and Pro-Palestine threat actors.
Perhaps the most vocal has been Killnet, which issued a statement on its Telegram alleging that the Israeli government “supported the terrorist regime of Ukraine” and had “betrayed” Russia before warning that Israeli government systems would be targets.
However, one of the biggest attacks so far has been the sustained DDoS attacks against The Jerusalem Post’s website. Although the publication hasn’t confirmed who was behind the attack, Anonymous Sudan has claimed responsibility for the campaign.
Another active group, known as the Ghost of Palestine, has allegedly targeted over 20 government sites, including the Ministry of Foreign Affairs. FalconFeeds, which has been monitoring the group, has been questioning whether the group has been receiving support from external allies to enable these operations.
🎯 “Cyber Shadows: Real Power Behind ‘Ghost of Palestine’ & ‘Anonymous Sudan’!” 🎭
“Ghost of Palestine” has been fervently targeting Israel’s key services. They’ve hit over 20 government sites in the past day alone. Originating from a region where much of the infrastructure,… pic.twitter.com/yZ2b10P9yZ
— FalconFeeds.io (@FalconFeedsio) October 9, 2023
More broadly, Senior threat researcher at Proofpoint, Joshua Miller, told Techopedia that the organization had found that the Palestine-aligned threat actor TA402, aka Molerats, has consistently targeted Ministries of Foreign Affairs for the Gulf States.
The Other Side: Pro-Israel Cyber Operations
On the other side of the conflict, a number of threat actors have begun acting to support the Israeli state or, at the very least, taken a neutral or anti-Palestine stance.
One of the most active groups so far has been the Indian Cyber Force, which first announced plans to launch cyberattacks on Palestine from October 8th onwards.
Indian Cyber Force has posted messages on their Telegram channel, announcing plans to launch cyber attacks on Palestine starting from October 8th.#Cyberattack https://t.co/yFyXu3Xi31 pic.twitter.com/vNypCUfjoQ
— FalconFeeds.io (@FalconFeedsio) October 7, 2023
Hamas Official Website Taken Down!
Check Host: https://t.co/iW67rJGvyp
— Indian Cyber Force (@CyberForceX) October 8, 2023
In addition, a group called ThreatSec has declared itself “neutral,” in this instance stating that it will target both Israeli and Palestinian targets. The group also claims to have compromised AlfaNext, the largest internet service provider (ISP) in Palestine.
What a New Cyber War Means for The Wider World
Although the Israel-Palestine conflict has seen a high degree of violence so far, the malicious cyber activity engaged in on both sides has largely been contained.
Nation Security Agency senior cybersecurity advisor Rob Joyce explained yesterday at a security conference in Sea Island, Georgia:
“One of the big worries, of course: is there a cyber component at this point? I’d say not yet.”
That being said, Joyce did acknowledge the U.S. had observed “small denial-of-service” attacks and warned that he expected “significant events” in the future.
Joyce isn’t alone in expecting the conflict to worsen, with Risk consulting, markets, and emerging business leader at PwC, Siddharth Vishwanath, also warning that the war is “Escalating in the physical world, and it is likely [to] escalate into a full-blown cyber warfare.”
While organizations outside of Israel and Palestine shouldn’t panic, it’s essential to prepare for an uptick in activity among decentralized threat actors.
For instance, security researcher Will Thomas has noticed an increase in posts for DDoS-for-hire or Initial Access Broker services, which would enable third parties to use another entity to target Israeli and Palestinian targets. The more profitable these services are, the greater their potential to multiply.
The Major Risk: Synchronized Cyber and On-the-Ground Operations
According to the senior manager of cyberthreat research at MDR provider Critical Start, Callie Guenther, the main risk factor presented by the cyber operations seen so far is if they become synchronized with military objectives.
“While a vast number of hacktivist attacks are symbolic, aiming to gain attention or make political statements, the involvement of groups with alleged state ties like Anonymous Sudan and Killnet changes the narrative,” Guenther said.
“Their operations could transition from being symbolic gestures to strategically aligned offensives that complement on-ground military actions.”
As a result, Guenther highlights it’s important not to merely dismiss these groups as taking symbolic actions and to consider that their operations can provide tactical advantages or provide strategic intelligence gathering.
In any case, given the severity of the conflict, organizations affiliated with Israel or Palestine, or allied states of either area, should remain vigilant against potential hacktivist activity. After all, threat analysts have already discovered hacktivist groups targeting nations like India and France.
🔍 Cyber Conflict: Israel-Palestine Scenario 🔍
In light of the ongoing Israel-Palestine conflict, the cyber arena is experiencing a surge of activity. Key observations from our extensive monitoring:
1.Around 70 incidents where Asian hacktivist groups are actively targeting… pic.twitter.com/w56Y1kOEXZ
— FalconFeeds.io (@FalconFeedsio) October 8, 2023
At the same time, if U.S. and European involvement in the conflict increases, there is the potential that hacktivist groups will target these entities, too.
Don’t Forget Misinformation
With so many direct cyber-attacks going back and forth, it’s easy to forget that threat actors are also attempting to use misinformation as a weapon. Cyabra, a social media threat intelligence provider, shared research with Techopedia suggesting that Hamas had been using platforms like X and Tiktok to spread propaganda.
Cyabra analyzed over 1 million posts, pictures, and videos and uncovered Hamas-controlled fake online accounts created to spread disinformation or gather information about targets.
The firm found that 1 in 5 social media accounts participating in the online conversation are actually fake, with fake accounts most actively spreading disinformation on X and Tiktok.
This highlights that cyber warfare isn’t just about disruption but spreading a narrative. The Russia-Ukraine war has also demonstrated this with Russian-sponsored actors using fake social media accounts, forged documents, manipulated videos and images to undermine support for Ukraine.
With the Israel-Palestine conflict intensifying, while important for organizations not to panic, it’s also important to recognize that the threat landscape has the potential to change rapidly.
In a world where volunteers can take up digital arms for any cause they desire, organizations can’t anticipate that these entities will agree on centralized rules of engagement.