It has been 2 months since Hamas’s October 7th surprise attack on Israel. In that time there have been many developments both on the ground and in the cyber realm. A number of groups emerged in the aftermath of the attack pledging their support to either Hamas, Palestine or Israel and cyberattacks increased in the region targeting both sides to varying degrees of sophistication. DarkOwl analysts have been tracking these events and activities, and in this blog we review some of the notable cyberattacks that have occurred and the groups that have taken responsibility.
In the first few days of the conflict, attention was largely focused on images and media reportedly coming out of Israel and Gaza highlighting the atrocities which were occurring. Telegram, which is monitored by DarkOwl, appeared to be being used as a de-facto news source, providing details of what was happening in certain areas and also posting images of the aftermath. Channels appeared or grew in size supporting one side or the other and while sharing information, there were also reports of false or fabricated information and media being shared stoking the flames on both sides.
The cyber world also reacted to the conflict with existing hacktivist groups quickly pledging allegiance to their chosen side or already fighting for the cause. Groups quickly began to post online about the targets they had successfully compromised with attacks ranging from DDoS (distributed denial-of-service), defacements to data leaks. As the conflict has progressed, the level of activity has ebbed and flowed, with some groups turning their attention back to previous targets.
After the initial invasion and activity, several cyber incidents accompanied the air and ground conflicts in the Middle East. Key activities we identified as part of the conflict are detailed below although this is not an exhaustive list and does not describe all reported activities.
As the month of October concluded, hacktivist activity relating to the Gaza conflict appeared to decrease. While the start of the conflict saw a large amount of emerging activity, with actors and groups choosing sides and issuing threats online, digital activity surrounding the Israel-Hamas conflict tapered down. However, increases were expected as the conflict continued.
Although the hacktivist groups on Telegram appeared to quiet in this period security research reported on several activities which indicated that Iranian hackers were using new tools to target Israel and that a Hamas linked APT was also targeting Israel with a new backdoor tool. Indicating that nation states and Nation State sponsored groups continued to be active in the cyber sphere. These groups tend to avoid the publicity that hacktivist groups seek.
Cyber incidents began to increase after the temporary ceasefire between Hamas and Israel completed.
Hacktivist groups and cyberattacks have been a component of the Israel Hamas conflict since it began, with many groups getting involved and attacks across of a scale of sophistication being conducted on both sides. Although the activities have ebbed and flowed in the first two months of the conflict, it is clear that they are likely to continue for the length of the military conflict – if not longer. DarkOwl will continue to monitor the activities of these groups as the conflict continues.
Products
Services
Use Cases