Hacktivist attacks erupt in Middle East following Hamas assault on Israel
Groups range from known collectives to new outfits eager to raise their profile
Hacktivism efforts have proliferated rapidly in the Middle East following the official announcement of a war between Palestine and Israel.
The escalation was spurred by a deadly attack on a music festival by Hamas, along with abductions and killings across scores of Israeli towns after a surprise incursion from the Gaza border on the morning of October 7.
About 700 Israelis were killed and more than 150 taken hostage, according to Israeli officials, while deadly counterattacks from Israel have killed at least 511 people on the densely populated Gaza Strip since Saturday, Gaza's health ministry says.
At least 15 known cybercriminal, ransomware, and hacktivist groups have announced their active participation in disruptive attacks targeting institutions in Israel and Palestine, as well as their supporters.
Among the most notable groups involved are Anonymous Sudan and Killnet. The former was created earlier this year, and major attacks on Microsoft, X (formerly Twitter), and the German foreign intelligence service have since been attributed to it.
Experts believe that Anonymous Sudan is a front for Russian state-sponsored cyberattacks, under the guise of Sudan-based hacktivism, and allegedly has a connection with Killnet – the nature of which isn't fully understood. The group itself has consistently denied these claims.
Like Anonymous Sudan, Killnet is also believed to be Russia-based, or at least Russia-aligned, and is known for launching high-profile distributed denial of service (DDoS) attacks.
Both groups have said their efforts will focus on disrupting targets in Israel.
"Government of Israel, you are to blame for this bloodshed. Back in 2022, you supported the terrorist regime of Ukraine. You betrayed Russia. Today Killnet officially informs you about it! All Israeli government systems will be subject to our attacks," Killnet said on its Telegram channel.
Killnet has also called for an end to harm against civilians and reiterated its position that it will only target the Israeli government.
Anonymous Sudan has been less communicative regarding its activity so far, but has pledged allegiance to the Palestinian Resistance and has claimed an attack on the Jerusalem Post, a leading Israeli news publisher whose website is still unresponsive at the time of writing.
Other groups involved in the ongoing disruptive attacks include a number aligned with India, such as Team Insane, Mysterious Team Bangladesh, and Indian Cyber Force.
Despite the Indian government's support of Israel in the conflict, both Team Insane and Mysterious Team Bangladesh have announced they intend to disrupt targets in Israel, while Indian Cyber Force has claimed attacks on Palestinian government web services.
Brand-new groups have also emerged, such as Libyan Ghosts, a collective seemingly focused on the digital defacement of smaller websites in Israel.
Some groups are explicitly targeting the supporters of Israel. The pro-Palestine group Sylhet Gang has announced it is targeting Ukraine, while various others have claimed an attack on a web server belonging to the Indian government, allegedly stealing 100 GB of data.
The cybercrime outfit Arvin Club, which is associated with ransomware deployment but not considered an out-and-out ransomware group, has also allegedly stolen data from the Iranian Islamic Azad University of Shiraz.
Actual impact of hacktivism
While attacks have been claimed on myriad types of targets in both Israel and Palestine, the majority of them are seemingly focused on the usual targets of hacktivism, including government websites, media organizations, and critical infrastructure such as energy and telecoms.
As is typical with hacktivist efforts, the real-world impact of the attacks has been minimal. Most incidents appear to be mitigated within an hour or two, with some exceptions such as the Jerusalem Post, which has been experiencing outages for more than 24 hours.
Sylhet Gang's attack on the Israeli patent office, an institution with a government domain, for example, was originally successful, but the site has been rapidly brought back online.
Its attack on the Tel Aviv Sourasky Medical Center, a healthcare institution also with a .gov domain, however, continues to disrupt the website at the time of writing.
The telecoms sector continues to see wide disruption as a result of conflict on the ground and in cyberspace.
Internet monitoring organization NetBlocks has noted that ISPs in both Israel and Palestine have experienced outages.
It attributed a drop in Tel Aviv's internet connectivity shortly after Hamas's assault on Saturday to the impact of missile strikes, such as the one on Rutenberg power station.
NetBlocks also highlighted Palestinian ISP Fusion's explanation of the region's internet issues, which it attributed to a "sudden failure" of access points in the Gaza Strip.
The Threatsec hacktivist group has claimed a breach on Palestinian ISP Alfanet, saying: "We have shut down literally every server" operated by Alfanet. Its website is still functional and responsive at the time of writing.
Formalizing the rules of cyber war
The mounting efforts from cybercriminals and vigilantes over the weekend come just days after the International Committee of the Red Cross (ICRC) published its set of rules for engaging in hacktivism and disruptive cyberattacks.
Citing the war in Ukraine as the catalyst for rising hacktivism activity over the past year and a half, the ICRC codified what it believes should be the eight rules needed to ensure cyber activism remains safe and minimizes civilian impact.
Many of the rules concern civilian safety and how hacktivists should avoid at all costs endangering non-military personnel.
The targeting of civilian objects such as medical and humanitarian facilities was prohibited in ICRC's rules, as were attacks on objects "indispensable to the survival of the population or that can release dangerous forces."
Killnet was one of the first groups to say publicly that it wouldn't be abiding by the ICRC's rules, but has since U-turned on that claim.
The IT Army of Ukraine agreed to the rules immediately, but highlighted the possibility that adhering to the rules may lend a tactical advantage to groups that choose not to. ®