UPDATED 16:09 EDT / OCTOBER 12 2023

SECURITY

The Hamas-Israeli war is also being fought in cyberspace

The war between Hamas and Israel is also raging across the cybersecurity realm, with various malware exploits, disinformation campaigns and recruitment of citizen hackers seen on both sides of the conflict.

It’s difficult to obtain independently verified information because of the dynamic situation, and because many Israelis have been deployed to active duty since the war began, depleting tech staffing levels. “Most employees of Israeli companies are reservists first, and are now preparing to fight,” Horizon3.ai Inc. Chief Executive Snehal Antani told SiliconANGLE.

Security researchers are seeing an increase in cyberattacks targeting Israeli businesses and government agencies. “We are witnessing an increasing trend of efforts from Israel’s adversaries, both organized and unorganized, to introduce a cyberattack dimension to this conflict,” Roy Akerman, CEO of security firm Rezonate Inc., said in an interview.

And it’s not alone. According to a Radware Ltd. blog, “In parallel to the Hamas invasion of Israel, we have observed a significant increase in cyber aggression against Israeli targets.” Security provider Radware is based in Tel Aviv.

The company tracked the number of distributed denial-of-service attacks claimed on Telegram in the first couple of weeks in October, showing that Israel has been targeted 143 times (pictured below) by hackers claiming to support Palestinian and Russian causes. The vast majority of these attacks began with the Hamas invasion of Israel on Oct. 7.

Microsoft Research is seeing a similar pattern. In its latest “Digital Defense Report” released earlier this month, it said that “Israel remains by far the most-targeted country in the Middle East and North Africa region as a result of Iran’s extensive focus there.”

Many of these efforts are intended to sow panic among citizens, such as by sending disinformation alerts about potential bomb threats or insecure water supplies. Microsoft has found that Iran has lately broadened its target focus to include NATO member countries in addition to targets in the U.S. and Israel.

Since this analysis was posted on Oct. 12, the situation has continued to evolve. A more recent post by Security Scorecard has more updated data from Oct. 20 that has been incorporated here.

Pro-Hamas groups

There are several main hacker groups that have been consistent in declaring their support for Hamas: Anonymous Sudan, Killnet, AnonGhost, Ghosts of Palestine and Storm-1133.

Anonymous Sudan initially hailed from that country, although some security researchers say the group has recruited members from elsewhere, and others have called it a pro-Russia group.

It has been conducting various DDoS attacks against several Western countries since the beginning of the year. It was banned from Telegram when it targeted that platform last month. Its most recent target was the Jerusalem Post newspaper, which had website outages during the first days of the war that the Anonymous Sudan group claimed credit for instigating. They also claimed a more recent compromise of one of the smartphone alerting apps.

A second group is Killnet, which is based in either Russia or Palestine. (Security Scorecard identified a separate Palestine-oriented messaging channel, but that hasn’t been active in the past week.) The original founders became better known after the start of the Ukrainian war in 2022. Some researchers have reported Killnet stepping up Israeli attacks early in the conflict, while others have said the group has refocused its efforts on the Russia/Ukraine theater, with an October 14 attack against a Ukrainian energy company. It has targeted several Israeli websites, including that of the intelligence unit Shin Bet, along with other Israeli government sites, such as its main web presence gov.il. It isn’t clear if that site was overwhelmed by legitimate traffic or the subject of an actual DDoS attack.

“A week ago, you would see less than a handful of these in 24 hours, but now you see a handful in an hour,” Yossi Appleboum, CEO of cyber company Sepio, told the Wall Street Journal.

Radware’s telemetry has observed both application and network layer DDoS attacks instigated by both groups. Many of these attacks last only a few minutes before being repelled by defenders.

The third player is the group AnonGhost, which earlier in the week exploited a vulnerability in Red Alert, one of the Israeli Android apps that provide real-time geolocated alerts of rocket attacks. Security researchers at Group-IB detected the exploit and posted about it on the company’s X/Twitter account. Subsequently, the app was removed from the Google Play Store. There are several other Red Alert apps that weren’t affected and are still available.

Finally, there is the threat group that Microsoft has labeled Storm-1133, which it saw targeting Israeli energy and telecommunications targets earlier this year. This hacking group has been tied to Hamas and it has delivered all sorts of trouble including backdoors and phishing lures, according to the company’s research. One not-so-novel approach has been to create phony LinkedIn profiles masquerading as Israeli human resources managers and software developers to compromise employees at target businesses.

Besides these attackers, there are other groups that have made various claims — such as stealing data from Israeli data centers — but these haven’t been substantiated, at least according to Security Scorecard. Others have aimed their cyber weapons toward Israel.

Iran is one of the more prolific cyberattackers, with sophisticated state-sponsored groups that continue to prey on targets across the world. The Microsoft research report documents a variety of firsts in the past year, including a destructive cyberattack specifically targeting a NATO country.

Iran isn’t alone, though. “It is clear that other Russian hacktivists are also choosing sides and actively support Hamas in their war against Israel,” Mattias Wåhlén, a threat intelligence expert at the cybersecurity firm Truesec AB, said in a post from Time. “Their actions look more like opportunistic strikes.”

Some of the attacks are insidious. The Journal reported that students’ remote lessons were interrupted by an image of a soldier holding a rifle. And numerous images uploaded to various social media platforms purport to show events but are inaccurate, taken out of context or from long ago. “We should expect highly effective disinformation campaigns that, when combined with cyberattacks that steal information or disrupt systems, will shape the information battlefield globally,” Antani of Horizon3.ai told SiliconANGLE.

Pro-Israeli groups

According to several sources, a group of Israeli tech volunteers have gotten together for humanitarian relief, to aid in rescue efforts. Called the Israel Tech Guard, it’s working to help distribute common health and food supplies among displaced people. Many families have had to deal with their members being called up for active duty (my son-in-law is one of them, for example) or civilians who have had to relocate elsewhere in the country to be further from rocket attacks (such as my daughter).

“Pro-Israel groups have waged their own attacks, targeting Palestinian organizations with cyberattacks,” a post in Fortune magazine noted. “One group, calling itself Indian Cyber Force, said it had downed the Palestinian National Bank’s website and Hamas’s website on Sunday.”

“The fact that Iran has failed in its many attempts to carry out terrorist attacks against Israeli and Jewish targets abroad will not lessen its resolve, and these efforts will continue in the future,” a group of researchers for the Institute for National Security Studies, an Israeli think tank, wrote back last December. As it turned out, sadly, that prediction has come true.

N.B. Bitdefender posted this analysis of phishing lures using the war as a way to steal money disguised as charitable donations. Many of these efforts have been tracked back to Russian sources.

Images: Chenspec/Pixabay, Radware
