The Israel-Hamas conflict already has a digital front, but thus far the bulk of the cyber attacks are coming from Russia-aligned groups that are shifting focus to allies of Israel likely to play host to protests.
Rob Joyce, director of cybersecurity for the National Security Agency, told the Wall Street Journal that there have not yet been any major cyber campaigns between the two central participants in the Israel-Hamas conflict; not a surprising development given that Israel has said that Hamas’ shift to communicating offline likely contributed to its success in launching its surprise attacks. The early action instead appears to be with independent hacking groups with an ideological focus, such as Russian groups that are believed to be targeting Australia and New Zealand with DDOS attacks timed to coincide with anti-Israel protests.
Israel-Hamas conflict draws in an international coalition of hackers
Security firm CyberCX has published a bulletin indicating that some 30 hacking groups have declared themselves participants in the Israel-Hamas conflict since October 8. Not all of these are throwing in for Hamas, but CyberCX notes that Russian hackers who have been conducting independent “patriotic” campaigns against allies of Ukraine are switching focus to DDOS organizations in Australia and New Zealand, in the apparent hopes of exacerbating protests taking place in those countries. One of the most active thus far has been “Anonymous Sudan,” which has claimed to have temporarily taken down the websites of over 20 businesses in the region.
The bulk of these groups’ cyber attacks on Ukraine allies have consisted of DDOS campaigns, and CyberCX expects that to also be the case in the Israel-Hamas conflict. The risk is highest for public-facing government websites, utility companies and the financial industry, and the attacks are fully expected to spread to the US and Europe among other regions.
Another significant action was undertaken by a group called AnonGhost, which was able to gain access to an app used by Israelis for warnings of rocket strikes. The hackers, who have declared support for Palestine, sent fake rocket alerts and at one point even sent a false report of a nuclear launch. The app was eventually removed from the Google Play Store.
Not all of these freelance cyber attacks are going in Israel’s direction, however. A group calling itself “Indian Cyber Force” appears to have declared for Israel, attacking Hamas’ main public-facing website and the Palestinian National Bank’s public site and taking them down for an extended period.
Still, an analysis by FalconFeeds.io finds that there are about 100 hacker groups that have involved themselves in the Israel-Hamas conflict thus far, and that the number skews heavily to Palestine supporters (at 77). Only three groups are attempting to profit personally from the chaos, logging cyber attacks on both sides as opportunities arise.
For the moment, none of these DDOS campaigns by hacktivists are considered serious or have done real damage. The Israel-Hamas conflict will most likely include direct cyber exchanges at some point, however. A Gaza-based group that Microsoft calls Storm-1133 engaged in what now appears to be a preparatory campaign earlier this year, attempting to phish employees at a variety of organizations in Israel and install backdoors for presumed future cyber attacks. And Israel is well known for its own cyber capability.
Erich Kron, Security Awareness Advocate at KnowBe4, notes that the conflict creates a unique opportunity for phishing attempts that all should be aware of: “Anytime there’s an event that triggers a strong emotional response, it’s common for bad actors to use it in attacks. Strong emotions cloud our judgment and make us miss things that we would otherwise notice are out of place. For people on both sides of this event, there is a significant emotional reaction, making it a perfect method for their attacks. It’s important for people to notice when they have a strong emotional reaction to an email, text message, or even a phone call, and to then take a deep breath and look at the message critically. Red flags include strange links or attempts to get a person to install software or even to send money in support of a cause.”
Big claims from some hacktivists, but cyber attacks have been relatively minor thus far
Hacktivist groups are known for exaggerating, or even sometimes making up, the extent of their cyber attacks. That already appears to be the case with the Israel-Hamas conflict, with some unsubstantiated claims about compromising two electricity providers in Israel as well as the Iron Dome defense system.
Similarly, a pro-Israel hacking group called ThreatSec claims it has breached Gaza area ISP Alfanet and has control of its servers and television stations. That information is difficult to verify given that Gaza has been without electricity since October 11, save for sporadic use of generators to support vital functions. Alfanet has told the international media that it is currently offline due to “complete destruction” of its headquarters during an airstrike.
As the Israel-Hamas conflict continues, questions arise about the extent to which other nations will become involved. Most of those questions begin with Iran, which has a long history of cyber attacks against Israel attributed to it by assorted cybersecurity sources. Among other attempts, in 2020 Iranian hackers penetrated the water systems of two rural areas of Israel but were detected and removed from the systems before any damage could be caused. At the moment, there is not yet any indication that Iran’s state-backed hacking teams have entered the fray.
Tom Kellermann, SVP of Cyber Strategy at Contrast Security, believes that Iran will ultimately escalate to cyber attacks on allies of Israel as well: “This was a historic hybrid attack. The failure of Israeli intelligence was due to sophisticated cyberattacks leveraged by Iranian groups like Charming Kitten who have benefited from tech transfer and training by Russian intelligence. This conflict will spill over into the region with burgeoning cyberattacks and kinetic attacks. Western critical infrastructures will be targeted with destructive cyberattacks and lone wolves will activate. We are entering uncharted territory as these terror groups are now technologically sophisticated and they possess cyber savvy. My biggest concern is the advent of further hybrid attacks and for other rogue nation states to see this as an opportunity for vengeance.”