Hacktivists are trading cyberattacks on both sides of the Israel-Hamas conflict.
According to detections by ReliaQuest, several pro-Russian hacktivist groups have identified Israeli targets, and Anonymous Sudan’s official Telegram channel is discussing how to undermine Israel’s Iron Dome defense, a mobile air defense system that intercepts and destroys short-range rockets and artillery shells.
Anonymous Sudan also named the Israeli government in online discussions as a main target and said it had obtained unspecified “zero-day vulnerabilities from Romania” to use in anti-Israel attacks.
The AnonGhost hacktivist group said it had managed to breach the “Red Alert” app to send messages like “The Nuclear Bomb is coming” and “Death to Israel.”
Chris Morgan, senior cyber threat intelligence analyst at ReliaQuest, says the discussion on Telegram channels should be taken seriously even though their users’ intentions and activities are often not verified and may not reflect the true nature of a group.
DDoS for Hire
The Krypton network has also offered to sell its distributed denial-of-service (DDoS) capabilities to hacktivists wishing to target Israeli organizations. Morgan says Krypton is a known DDoS-for-hire botnet that allegedly includes several features to bypass DDoS mitigation services.
“It is realistically possible that the group saw an opportunity amidst the rush to target Israel, viewing it as a chance to make additional sales,” Morgan says.
However, the attacks are not all one way, as ThreatSec reportedly compromised the Palestinian Internet services provider AlfaNet, with “literally every server owned by Alfanet” shut down. The group claimed its original goal was just to get a hold of some infrastructure, but it gained full control of more than 5,000 servers in the Gaza region. Statistics show a decline in Internet connectivity in Gaza over the past few days.
Since the attacks by Hamas began, cybercrime groups have shifted their activities toward the Middle East. More than a dozen threat groups declared their intention to launch disruptive attacks against Israel, Palestine, and their supporters. The Jerusalem Post was taken down by a cyberattack this week.
Morgan says Israel is regularly targeted by cyber threats, often by Iranian APTs; one example came this summer, when the Russia-aligned Ragnar Locker group hit the Mayanei Hayeshua Medical Center in Bnei Brak. Additionally, hacktivist groups frequently target Israel in response to the ongoing conflict with Hamas.