Cyber Security Threat Summary:
According to reports, several hacker groups have joined in on the Israel-Hamas conflict. State-sponsored threat actors have ramped up their cyber efforts, but so to have hacktivist groups supporting both sides of the war.
According to reports, the first hacktivist attacks were launched by Anonymous Sudan less than one hour after the first rockets were fired by Hamas. The group targeted emergency warning systems, and claimed to have taken down alerting applications in Israel. The Jerusalem Post, the largest English-language daily newspaper in Israel, was also allegedly targeted by Anonymous Sudan.
“A pro-Hamas group called Cyber Av3ngers targeted the Israel Independent System Operator (Noga), a power grid organization, claiming to have compromised its network and shut down its website. The group also targeted the Israel Electric Corporation, the largest supplier of electrical power in Israel and the Palestinian territories, as well as a power plant” (Security Week, 2023).
The pro-Russian hacktivist group Killnet has also joined the fray, launching several attacks against Israeli government websites.
A Palestinian hack group called Ghosts of Palestine, have invited hackers from across the globe to attack private and public infrastructure in Israel and the United States.
Another group called Libyan Ghosts has started defacing small Israeli websites in support of Hamas.
“In most cases, these hacktivists have used distributed denial-of-service (DDoS) attacks to cause disruption. Some of them claimed to have caused significant disruption to their targets, but it’s not uncommon for hacktivists to exaggerate their claims. For instance, claims by Iran-linked and other hackers that they have launched a cyberattack on Israel’s Iron Dome air defense system are likely exaggerated” (Security Week, 2023). Killnet and Anonymous Sudan, which both have ties to Russia, have been known to launch more disruptive attacks. In the past they targeted major companies such as Microsoft, X (formerly Twitter), and Telegram with massive DDoS attacks.
In a report published last week, Microsoft said it had seen a wave of activity from a Gaza-based threat group named Storm-1133 aimed at Israeli organizations in the defense, energy and telecommunications sectors in early 2023. Microsoft believes the group “works to further the interests of Hamas”.
A pro-Israel group called ThreatSec has compromised the infrastructure of Gaza-based ISP AlfaNet.
Pro-Israel hacktivists operating out of India, have also attacked Palestinian government websites, making some of them inaccessible.
A group named Garuna has announced its support for Israel, and TeamHDP has targeted the websites of Hamas and the Islamic University of Gaza.
Security Officer Comments:
We expect cyber attacks from both sides to continue to escalate as the war continues. DDoS attacks are commonly used, but more destructive cyber attacks, especially those aimed at critical infrastructure are likely.
Disinformation campaigns may be leverage by both sides. Automated responses and false stories will appear on social media in an attempt to sway public opinion and support. These stories may spread rapidly and are difficult to defend against or refute.
Be aware that the high-profile nature of these events will be used by cybercriminals in phishing and scam based campaigns. We have seen this with other global events. Be wary of donating to any causes, as cybercriminals will steal funds, and leverage the war as a means to trick victims into sending funds to phony support groups.
Cyber Security Threat Summary: