URL: https://cyberarmybd.com/2023/10/27/the-israel-hamas-war-cyber-domain-state-sponsored-activity-of-interest/

THE ISRAEL-HAMAS WAR | CYBER DOMAIN STATE-SPONSORED ACTIVITY OF INTEREST


EXECUTIVE SUMMARY

Various hacktivist groups have targeted critical infrastructure, government
agencies, and organizations in both Israel and Palestine. The attacks include
Distributed Denial of Service (DDoS) attacks, defacement attacks and data
breaches. As other countries take a stand on the war, the conflict has also
spread beyond the immediate region, affecting several other countries. This
report provides a concise overview of the escalating cyber conflict in the
Middle East, stemming from recent geopolitical events. Notably, we engaged
directly with threat actors from hacktivist groups to gain a deeper
understanding of their motivations and forthcoming targets.


INTRODUCTION

As cyber conflict advances, the concept of ‘hybrid warfare’ emerges, blending
kinetic and non-kinetic (i.e. digital) operations on the modern battlefield.
While cyber operations have traditionally been non-kinetic, a paradigm shift is
looming: cyber-attacks on vital infrastructure, such as power plants, have the
potential to yield tangible, kinetic outcomes that disrupt local operations and
can lead to extensive chaos and collateral damage. This type of event has
precedent: the Russian invasion of Ukraine was preceded by a synchronized
disruption of Viasat nodes by a GRU-initiated DDoS attack, underlining the
intertwined nature of modern warfare. With non-state actors increasingly
engaging in disruptive operations, we are observing a similar pattern in the
ongoing conflict between Israel and Gaza.


TIMELINE

October 6, 2023: Cyber Av3ngers, a hacktivist group, claims responsibility for
hacking the Noga Independent Systems Operator and launching Distributed Denial
of Service (DDoS) attacks. This event marks the beginning of cyber activity
related to the ongoing conflict.

October 7, 2023: Within an hour of the 5000+ missile attack on Israel by Hamas,
hacktivist group Anonymous Sudan (suspected to be of Russian origin) launched
DDoS attacks on all the alert applications used to notify citizens of incoming
rockets.

October 8, 2023: The Israeli government’s official website becomes unreachable
worldwide, and the Russian hacker group ‘Killnet’ claims responsibility for the
attack. They accuse the Israeli government of supporting the “terrorist regime”
in Ukraine and announce that they will target Israeli government systems.

Anonymous Sudan attacks The Jerusalem Post’s website, causing it to go offline
for over 2 days. Threat actor Ares Leaks announces that they are willing to
purchase data related to the Hamas military group. Furthermore, Cyber Av3ngers
claimed responsibility for hacking into the DORAD power plant, and ThreatSec
claimed to have breached and shut down Alfanet, Palestine’s largest ISP.

October 9, 2023: Hacktivist group AnonGhost compromised Israel’s Alert App and
sent threatening notifications by exploiting an API vulnerability in the
application. On the other hand, the cyber branch of the Israel Police’s Lahav
433 unit, with the help of Binance, freezes cryptocurrency accounts belonging
to Hamas.

October 10, 2023: A threat actor known as “blackfield” announces on a
Russian-speaking forum that they possess data belonging to hundreds of IDF
soldiers and Shabak members, including phone numbers, photos, and personal
information. They may use this data for further targeted attacks and
disinformation campaigns. Blackfield also hints at targeting the US in the near
future.

Various pro-Israel and pro-Hamas hacker groups engage in cyber activities,
shutting down websites and targeting infrastructure. Cyber Av3ngers claims to
have CCTV access to Mekorot, the national water company of Israel, adding to the
list of attacks on industrial control systems.

October 11 – October 13, 2023: Individuals from various hacktivist groups are
searching stealer logs added to a central public lookup repository, trying to
find valid credentials with which to compromise their targets of interest.
Hacktivists are interested in servers belonging to:

 * The Federal Emergency Management Agency (FEMA),
 * The Ministry of Health of Kenya,
 * Texas Attorney General,
 * The Ministry of Education of Israel,
 * Prime Minister’s Office,
 * Republic of Iraq,
 * Alayen Iraqi University,
 * Middle Technical University in Iraq,
 * Journal of Petroleum Research and Studies (Iraq),
 * Bayan University (Iraq).

And more.

October 14, 2023: Cyber Av3ngers announce that they have compromised ORPAK, a
company that provides payment and management solutions for fuel, retail and
fleet businesses in Israel. This was followed by them leaking CCTV footage and
data from multiple gas stations and screenshots of the internal panels using
SiteOmat.

October 15, 2023: Hacktivist group AnonGhost Indonesia claims to leak the
database of a dating and consolidation project for the Israeli LGBTQ community –
“The Gaydar” on Pastebin.

October 16, 2023: Amidst other attacks, Israeli news websites “All Israel News”
and “Abu Ali Express” were targeted by hacktivist “YourAnon T13x”. “All Israel
News” took countermeasures that initially blocked the web requests from the
hacktivist group; however, the threat actors were able to DDoS the website
again.

October 17, 2023: Hacktivist group AnonGhost dumped a list of Israeli targets
vulnerable to CVE-2023-29489 along with the exploit. The vulnerability affects
cPanel, a web hosting control panel commonly deployed on websites. It is a
reflected cross-site scripting vulnerability that can be exploited by an
unauthenticated attacker.


WE SPOKE WITH A THREAT ACTOR WHO HAS TAKEN A NEUTRAL STANCE IN THE ONGOING WAR.

In September 2022, Spid3r and the KromSec group emerged as significant threats
to Iran, both in the digital and the real world. They initiated a cyber
offensive as part of Anonymous’s #OpIran campaign, responding to the tragic
death of Mahsa Amini, which has placed considerable pressure on the Tehran
regime. Spid3r, who was previously involved in #OpRussia and contributed to the
disruption of critical Russian targets, shared insights on the ongoing war. As
stated by Spid3r in previous conversations, “Turning off unimportant targets
for 5 minutes doesn’t work at all – But DDoS can be effective if you lock a
specific target for a long time. For example, let’s say that the money transfer
system of a country’s central bank does not work for 6 hours. Loss is
unpredictable”.

CYFIRMA: Can you please introduce yourself and describe your group’s political
stance?
Spid3r (KromSec): Certainly. We are KromSec, a collective of hacktivists. Our
primary goal is to respond to global events and issues through hacktivism. We
operate from a democratic standpoint, firmly against censorship, corruption,
human rights violations, and various modern-day problems. Our group comprises
not only hackers but also activists, writers, and journalists. However, the
individuals taking responsibility for our actions are mostly hacktivist hackers
with a background linked to Anonymous.

We were notably involved in Anonymous’ OpRussia, and later, we initiated OpIran.
Our activities have targeted various entities, including universities,
ministries, national assemblies, and government systems.

After the protests in France, we hacked the French Ministry of Justice and
disclosed information about hundreds of judges. Unfortunately, our Twitter
account and Telegram channel were suspended due to the French Government’s
intervention.

You can expect to see more data related to the French Ministry and an important
government system on our channel soon. I hope that gives you a good overview.
Feel free to ask further questions.

CYFIRMA: Can you confirm your group’s involvement in the recent cyber-attacks on
the Palestinian Ministry of Foreign Affairs?
Spid3r (KromSec): Yes, it is true that we gained access to their systems.
However, we want to clarify that our intentions are not malicious. We believe
that wars are tragic and should not be supported by any side.

CYFIRMA: What do you plan to do with the data you obtained from the Palestinian
Ministry of Foreign Affairs?
Spid3r (KromSec): Our intention is to reveal any hidden information when we deem
it necessary.

CYFIRMA: Are you acting independently, or are you affiliated with a specific
organization or group?
Spid3r (KromSec): We operate independently.

CYFIRMA: Do you believe that cyber-attacks will extend beyond the Middle East?
There has been significant attention to this issue.
Spid3r (KromSec): In today’s world, technology connects everything, including
people. Cyber actions can have a far-reaching impact, and we should consider
their potential consequences.

CYFIRMA: Given the recent Hamas/Israel confrontation, have you heard of any
major actions on the horizon?
Spid3r (KromSec): The media attention on unnecessary DDoS attacks makes us
question their significance. We are monitoring an Israeli group closely, and
they have targeted various .edu.ps websites. Pro-Palestinian Arab groups tend to
focus on DDoS attacks on vulnerable systems or exploit WordPress vulnerabilities
or compromised admin accounts. We respect genuine hacks, but DDoS attacks on
insignificant sites for bragging rights are questionable.

CYFIRMA: How does your group view the ongoing conflict between Palestinian
militant groups and Israel?
Spid3r (KromSec): We believe that the Israeli intelligence services are aware of
such attacks, and it’s thought-provoking that they coincide with a time when
Netanyahu lost support from his own people.

CYFIRMA: Do you have a longer-term strategy?
Spid3r (KromSec): It’s too early to discuss long-term strategies. The future is
uncertain, and events can change rapidly.

CYFIRMA: What specific targets have you focused on in your cyber-attacks?
Spid3r (KromSec): We always act with consideration for potential consequences on
civilians and critical infrastructure. We don’t aim to harm the public.

CYFIRMA: Are there specific demands or conditions your group aims to convey
through these cyber-attacks?
Spid3r (KromSec): We usually communicate our intentions through attack messages
or by contacting the affected system.

CYFIRMA: How do you see your cyber actions fitting into the overall strategy of
your organization or group in this conflict?
Spid3r (KromSec): Our primary focus is on positive intentions. We targeted two
universities, which are prominent in their country and have students who oppose
the current regime. Our goal was to establish a constructive dialogue to prevent
the potential misuse of information by others. Unfortunately, the situation
didn’t unfold as we had hoped.

CYFIRMA: Would your group consider engaging in dialogue or negotiations with
relevant parties in the Israel/Hamas conflict to address your concerns without
resorting to cyber-attacks?
Spid3r (KromSec): I don’t anticipate such an offer. As for the pro-Israeli group
we are monitoring, we are open to dialogue.

CYFIRMA: Please share your thoughts on the Hamas/Israel conflict and how you
think things will unfold, both on the ground and in cyberspace.
Spid3r (KromSec): The ongoing conflict raises many questions. Is Hamas doing
more harm to Israel or to their own people? The actions taken by Hamas, such as
dismantling pipes from international organizations for infrastructure and
repurposing them for missiles, are concerning. What Hamas is doing is
unacceptable, and all Palestinians suffer as a result. However, this doesn’t
justify Israel’s use of phosphorus gas. The lack of international response is
baffling.
The situation is shrouded in uncertainty. We are closely watching the Middle
East, where complex political games are played behind closed doors. True peace
in this region will only be possible when both Israeli and Palestinian children
can sleep without fear. We believe that diplomacy, rather than escalating
tensions through attacks, is the key to a resolution.

CYFIRMA: You mentioned that your group has some background with Anonymous. Would
you like to share a little about your technical capabilities?
Spid3r (KromSec): While I prefer not to boast about my technical skills, I can
confirm that I am not new to the realm of cybersecurity. Anonymous has provided
us with valuable knowledge and resources.

CYFIRMA: Is there a specific reason you don’t want to discuss your skills in
detail?
Spid3r (KromSec): I believe that actions speak louder than words, and I prefer
to let our activities demonstrate our skills.


A FEW MONTHS AGO, WE SPOKE WITH A THREAT ACTOR WHO IS SUPPORTING GAZA IN THE
ONGOING WAR

The conversation below is an excerpt from that interview.
Note: The responses have been slightly modified to improve readability, as
English is not their native language.

CYFIRMA: We appreciate you taking the time to speak with us. Can you begin by
telling us more about your group, DeltaBoys, and your role within it?
DeltaBoys: We are a group with a long history, and I’m referred to as “anony.”
We’ve had different names in the past, but our recent one is DeltaBoys. We’ve
been involved in various activities, including penetrating government
organizations and exposing their information.

CYFIRMA: What prompted you to communicate with the media directly?
DeltaBoys: We are regular people who are interested in communication, and we
decided to engage with the media.

CYFIRMA: To introduce you properly, how would you describe your group’s
activities? Are you primarily access brokers or involved in other aspects of
cyber operations?
DeltaBoys: Our activities were initially in the underground, but about a year
ago, we rebranded as DeltaBoys. We focus on infiltrating government
organizations and disclosing their information.

CYFIRMA: What is your group’s technical specialty or passion?
DeltaBoys: For nearly 20 years, we have specialized in penetration and
vulnerability detection.

CYFIRMA: Could you share the origins of your group and what motivates your
activities?
DeltaBoys: Initially, our focus was on exposing corrupt governments,
governmental crimes, and corruption. We were driven by a desire to hold such
entities accountable and make people happier through our actions.

CYFIRMA: Have you collaborated with other groups or formed any affiliations?
DeltaBoys: Yes, we have worked with many groups, although our group’s rules
often didn’t align with those of other groups. Unfortunately, most well-known
groups have affiliations with security organizations, and it’s interesting to
note that many hacker groups have been victims of our actions, resulting in us
obtaining and publishing information about them.

CYFIRMA: Can you tell us about your targets, particularly those related to
Israeli infrastructure, and the ideological reasons behind your attacks?
DeltaBoys: The Israeli government has a history of what we view as wrongdoing
and violence worldwide. Hacking and disclosing their information are a way for
us to express our opposition to their actions. We have targeted many cyber
groups from Israel, identifying their information and operational weaknesses.
Their primary goal often revolves around financial control.

CYFIRMA: We’ve noticed an increase in web defacement attacks. Can you explain
this and whether it’s due to a growth in your group or an increase in
sophistication?
DeltaBoys: We are a small but secretive group. Some of our intrusions occur
after thorough information checks on organizations, while others involve
sensitive information and documents. The public hacks typically relate to our
older targets.

CYFIRMA: How do you select your targets, and what vulnerabilities or criteria
attract your attention?
DeltaBoys: We have a vulnerability testing lab and identify the latest
vulnerabilities. We also gather information on government targets through our
members and by assessing the level of corruption. Occasionally, we hack ordinary
people for fun, particularly if they are involved in fraud and corruption.

CYFIRMA: Can you share some insights into your tactics and techniques that set
you apart from other threat actor groups?
DeltaBoys: Unfortunately, we cannot disclose our work method, but we achieve
significant results by leveraging zero-day vulnerabilities and exploiting human
error. A single human error in a security organization, for instance, can
provide us with access to the entire organization, including emails, passwords,
VPNs, files, virtual networks, and social networks.

CYFIRMA: Let’s discuss the financial aspect. How do you monetize your
operations, and what brings in the most income for your group?
DeltaBoys: We primarily make money through the sale of data and government and
financial access, generating approximately $40,000 per month. This income
supports our operations, but it’s important to distinguish between hackers and
financial fraudsters who steal from ordinary people’s databases. We are not
thieves.

CYFIRMA: What are your near-term and long-term ambitions as a group?
DeltaBoys: Our goal is to create a powerful group that transcends sect,
religion, and racism. We aim to fight against corrupt politics, racism, and
corruption while defending human rights. We believe that all human beings have
equal rights, and we strive to uphold them.


WE SPOKE WITH A THREAT ACTOR WHO IS SUPPORTING ISRAEL IN THE ONGOING WAR

CYFIRMA: Can you please introduce yourself? How would you describe yourself in
terms of political stance?
fqw (Owner of GlorySec): My handle is fqw, I am the owner of GlorySec, and I
would also like to state before we get started that most, if not all hacktivist
groups have no idea about the current geopolitics other than what they hear from
the media/press. We aren’t black hats like GhostSec or SiegedSec; we actually
stand up for what’s right, we attack everybody with a particular reason.

CYFIRMA: Are you acting independently, or are you affiliated with a specific
organization or group?
fqw: GlorySec is a subgroup of a particular darknet cult that we can’t go into
any further detail about. However, yes – GlorySec is affiliated with another
group.

CYFIRMA: Ok, thanks. Can you confirm your involvement in the recent
cyber-attacks on the Palestinian territory?
fqw: We are currently prioritizing our involvement within the Israel-Palestine
conflict, but we can’t go into operational details.

CYFIRMA: How does your group view the ongoing conflict between Palestinian
militant groups and Israel?
fqw: GlorySec members have left, and the owner has left as well to start a new
operation. We have an entirely new team with the same political agenda. We will
be more radical towards terrorists and extremists and those who threaten
humanity without justification. We support Israel in the Israeli-Palestinian
conflict and Azerbaijan in the Azerbaijan-Armenia war. We have worked on
#OPArmenia and #OPPalestine and taken over websites. We have attacked
educational institutions in response to attacks on the innocent.

CYFIRMA: So far, we have seen several cyber groups becoming involved in the
recent Hamas/Israel confrontation. Are you aware of any major actions that may
take place?
fqw: We feel that both countries will be severely attacked, but we can’t provide
operational details or those of our affiliates.

CYFIRMA: I understand you can’t go into too much operational detail about what
you are planning, but can you give us an idea of your group’s capabilities or
what you have previously done?
fqw: Our new team is very advanced, with skills ranging from reverse engineering
to network penetration. However, we primarily focus on web penetration testing.

CYFIRMA: Is what you are planning solely a response to recent events in the Gaza
Strip, or does it represent a longer-term strategy?
fqw: It’s most likely a longer-term strategy, but our first motivation was the
Gaza Strip attacks.

CYFIRMA: Do you think cyber-attacks will extend beyond the Middle East?
fqw: It depends on the group and the country.

CYFIRMA: Have you considered the potential consequences of your actions on
civilians or critical infrastructure in the affected regions?
fqw: Yes, we have, but we always have a purpose, so we don’t take it into
critical consideration.

CYFIRMA: Are there any specific demands or conditions that your group is trying
to convey through these cyber-attacks?
fqw: It depends on the issue. For example, in the Palestine situation, we are
trying to push Palestine out of Israel, although they likely won’t listen. Many
hacktivist groups are attacking both sides.

CYFIRMA: How do you anticipate what you are planning will affect the situation
on the ground or the broader conflict? How impactful is it going to be? We’ve
heard some industrial control systems being attacked; is it in that vein?
fqw: GlorySec isn’t like other hacktivist groups that claim they are grey hats,
but they are actually black hats. We always have a purpose when we hack, and we
do it to push a cause. Our actions will likely impact Palestine financially,
making them realize they need to back out. There have been some attacks on
industrial control systems.

CYFIRMA: What are your views on Iran, who are widely known to fund Hamas? Isn’t
that an attractive target?
fqw: We have looked into Iran, and that is our next operation after Palestine.
We also have a few people already working on Iran, but it’s mainly focused on
Palestine.

CYFIRMA: Before we wrap up, could you give us an idea of the background of your
group? What makes you all so motivated?
fqw: GlorySec is made up of average citizens, such as cashiers or lawn mowers,
everyday people like you. Our motivation comes from tragedies and events caused
by companies and countries, like the wrongful invasion of Palestine. We are
fighting for justice.

CYFIRMA: Thanks for chatting. If you want to say anything else, always feel free
to reach out!


ETLM ASSESSMENT


ADVERSARY

Cybercriminals, Hacktivists, APTs


INFRASTRUCTURE

Private botnets, Bulletproof VPS, Booters/Stressers, Compromised RDPs/VNCs


TARGETS/VICTIMS

Besides Israel, pro-Gaza hacktivists are collectively targeting countries such
as India, Egypt, Kenya, France, Germany, Italy, the United Kingdom, and the
United States. On the other hand, besides Palestine and Gaza, pro-Israel
hacktivists are targeting Iran, Iraq, Saudi Arabia, Lebanon and Qatar.


CAPABILITIES

Most of these groups are disorganized and are looking to spread their propaganda
using DDoS and defacement attacks. However, there are a few groups on either
side that can execute more sophisticated attacks.

Throughout this period, CYFIRMA has observed an increasing number of
cybercriminal groups entering the conflict, targeting infrastructure on both
sides.

 * 23 Groups – Pro-Israel
 * 103 Groups – Pro-Palestine
 * 4 Groups – Neutral

Note: This information is subject to change due to the dynamic nature of events.


THREAT ACTORS


PRO-ISRAEL HACKTIVISTS/GROUPS

 * Anonymiss
 * Anonymous India
 * Anonymous Israel
 * AresLeaks
 * Arvin
 * Cyber Club (Support)
 * Dark Cyber Worrior
 * Garuna Ops
 * Gaza parking lot crew
 * GlorySec
 * GonjeshkeDarande
 * ICD- Israel Cyber Defense
 * Indian Cyber Force
 * Indian Darknet Association
 * IT ARMY of Ukraine
 * Kerala Cyber Thunders
 * Kerala Cyber Xtractors
 * Silencers_of_evil
 * SilentOne
 * Team NWH Security
 * TeamHDP
 * Termux Israel
 * UCC Team


PRO-GAZA HACKTIVISTS/GROUPS

 * 4 Exploitation
 * 1915 Team
 * ./CsCrew
 * ./Tea Party
 * Aceh About Hacked World
 * AnoaGhost
 * AnonHamz
 * AnonT13x Group
 * Anonymous 070
 * Anonymous Indonesia
 * Anonymous Morocco
 * Anonymous Russia
 * Anonymous Sudan
 * Arab Anonymous Team
 * ASKAR DDOS
 * Awham
 * Bandung Cyber Team
 * Bangladesh Civilian Force
 * Black Security Team
 * Blackshieldcrew MY
 * Boom Security
 * Cubjrnet7
 * Cscrew
 * Cyb3r Dragonz Team
 * Cyber Error Team
 * Cyb3r Gang
 * Cyber Sederhana Team
 * CyberActivism
 * Dark Storm Team
 * DumpDataBase
 * Dragonforce Malaysia
 * Eagle Cyber Crew
 * Electronic Tigers Unit
 * End Sodama
 * Esteem Restoration Eagle
 * F7 Xpl0it3r
 * Fr3dens of Security
 * Ganosec team
 * Garnesia Team
 * Gb Anon 17
 * Ghost Clan Malaysia
 * GhostClan
 * Ghost Hunter Illusion
 * GhostSec
 * Hacktivism Indonesia
 * Hizbullah Cyb3r Team
 * IndoGhostSec
 * Islamic Cyber team | Indonesia
 * islamic hacker army
 * Jateng Cyber Team
 * JATIM RedStorm Xploit
 * KEP TEAM
 * khalifah cybercrew
 * Khan cyber Army
 * KillNet
 * Kingman world official
 * Kuningan Exploiter
 * LGH
 * Malaysia cyber defacer
 * MeshSec
 * Milad Hacking
 * M.H.T
 * Moroccan Black Cyber Army
 * Moroccan Defenders Group
 * MrWanz
 * Muslim Cyber Army
 * Mysterious Team Bangladesh
 * xNot_RespondinGx
 * Pakistan Cyber Hunter
 * Pakistani Leet Hackers
 * Panoc team
 * Royal Battler BD
 * Russian tools
 * Siber Team
 * Siegedsec
 * Skynet
 * StarsX Team
 * Storm-1133
 * Stucx Team
 * Sukowono Blackhat Team
 * Sylhet Gang-SG
 * Synix CyberCrimeMY
 * Systemadminbd Official (BCF)
 * Team Anon Force
 * Team Azrael Angel of Death
 * Team Herox
 * The key40
 * Team R70
 * Team R
 * Team_insane_Pakistan
 * Teng Korak Cyber Crew
 * The Ghost Squad
 * The White Crew
 * Toyonzade
 * Turk Hack Team
 * TYG Team
 * UserSec
 * VulzSec
 * WeedSec
 * x7root
 * Yemen Legions Team
 * YourAnon T13x


GROUPS TARGETING OTHER COUNTRIES THAT ARE SUPPORTING ISRAEL

 * Anonghost
 * Cyber Av3ngers
 * Deltaboys
 * GhostSec
 * Ghosts of Palestine
 * Killnet
 * Storm-1133


NEUTRAL GROUPS

 * Cyber Army Of Russia
 * DUNIA MAYA TEAM
 * KromSec
 * ThreatSec


APTS

Given how APT groups usually operate, we have not observed any confirmed
activity yet. However, it is highly likely that they will attempt to take
advantage of the situation to carry out more sophisticated attacks than we have
seen so far from other groups. Below is a list of groups that have a history of
targeting Israel:

 * DEV-0270
 * Arid Viper, APT-C-23
 * POLONIUM
 * DEV-0133
 * DEV-0227
 * DEV-0343
 * Storm-1084
 * RUBIDIUM
 * APT32
 * APT33
 * APT34
 * APT35
 * APT39
 * Moses Staff


CONCLUSION

Since the initial attack by Hamas, CISA is “in very close contact” with the
Israeli National Cyber Directorate to share intelligence. US President Joe Biden
is scheduled to embark on a trip to Israel, followed by Jordan, where he will
engage with both Israeli and Arab leaders. On the other hand, Iran’s Foreign
Minister, Abdollahian, has issued a warning about the possibility of Iran and
its allies taking “preemptive action” in the near future in response to Israel’s
attacks on Gaza. The Israeli-Palestinian conflict saw a significant escalation
in cyberattacks by hacktivist groups and threat actors from various regions,
targeting government websites, the education and media sectors, billboards,
power plants, alert systems, and even sensitive military information. The
involvement of these cyber actors added a new dimension to the ongoing conflict,
highlighting the vulnerability of nations to cyberattacks in times of elevated
tensions. As the situation began to unfold, it became clear that cybersecurity
would play a critical role in this complex and long-standing conflict. The
ongoing war has cost a lot of innocent lives on both sides.


RECOMMENDATIONS


TACTICAL RECOMMENDATIONS

 * Enhance DDoS Mitigation: Given the prevalence of DDoS attacks in this cyber
   conflict, organizations and governments should invest in robust DDoS
   mitigation technologies and strategies. Employing real-time traffic analysis
   and traffic scrubbing can help minimize service disruptions.
 * Regular Vulnerability Scanning: Continuous vulnerability scanning of critical
   infrastructure is crucial. Identify and address vulnerabilities promptly to
   reduce the risk of exploitation by hacktivist groups.
 * Multi-Factor Authentication (MFA): Implement MFA for all privileged accounts
   and critical systems, including RDPs and VNCs. This adds an extra layer of
   protection against unauthorized access.
 * Incident Response Planning: Develop and regularly update an incident response
   plan. Ensure that security teams are well-prepared to respond to cyber
   incidents swiftly and effectively.


STRATEGIC RECOMMENDATIONS

 * Threat Intelligence Sharing: Encourage regional and international threat
   intelligence sharing to improve awareness of ongoing threats. Collaborative
   efforts can help predict and mitigate attacks more effectively.
 * Diplomatic Engagement: Governments should engage in diplomatic discussions to
   de-escalate geopolitical tensions. Reducing the motivation for hacktivist
   activities at their source can be an effective long-term strategy.
 * Public Awareness Campaigns: Launch public awareness campaigns to educate
   citizens about cyber threats, including phishing and disinformation. An
   informed public is less susceptible to hacktivist propaganda.
 * International Norms and Agreements: Advocate for international agreements and
   norms regarding cyber warfare. Establishing clear rules of engagement in
   cyberspace can deter hacktivist groups.


MANAGEMENT RECOMMENDATIONS

 * Cybersecurity Training: Invest in training and awareness programs for
   employees and government officials. A well-informed workforce is a critical
   defense against social engineering attacks.
 * Resource Allocation: Allocate resources for enhancing critical infrastructure
   security. Ensure that budgetary support is provided for cybersecurity
   measures that protect essential services.
 * Regular Drills and Exercises: Conduct regular cybersecurity drills and
   exercises to test incident response plans and identify areas for improvement.
 * Collaborative Partnerships: Foster partnerships with cybersecurity firms and
   organizations that can provide threat intelligence, incident response
   support, and security expertise.


APPENDIX: RECOMMENDED PUBLIC REPORTING


ARID VIPER

 * 02/2015: Operation Arid Viper: Bypassing the Iron Dome – Trend Micro
 * 02/2015: The Desert Falcons targeted attacks – GReAT
 * 2017: Delphi Used To Score Against Palestine – Cisco TALOS
 * 04/2021: Taking Action Against Arid Viper – Meta
 * 02/2022: Arid Viper APT targets Palestine with new wave of politically themed
   phishing attacks, malware – Cisco TALOS
 * 03/2022: What is Arid Gopher? – Deep Instinct
 * 04/2022: Operation Bearded Barbie: APT-C-23 Campaign Targeting Israeli
   Officials – Cybereason
 * 04/2023: Mantis: New Tooling Used in Attacks Against Palestinian Targets –
   Symantec


GAZA CYBERGANG

 * 11/2012: Systematic cyber attacks against Israeli and Palestinian targets
   going on for a year – Norman
 * 08/2013: Operation Molerats: Middle East Cyber Attacks Using Poison Ivy –
   FireEye
 * 06/2014: Molerats, Here for Spring! – FireEye
 * 04/2015: Attacks against Israeli & Palestinian interests – PwC
 * 09/2015: Gaza cybergang, where’s your IR team? – GReAT
 * 01/2016: Operation DustySky – Clearsky
 * 06/2016: Operation DustySky Part 2 – Clearsky
 * 10/2016: Moonlight – Targeted attacks in the Middle East – Vectra
 * 11/2016: MoleRats: there’s more to the naked eye – PwC
 * 01/2017: Downeks and Quasar RAT Used in Recent Targeted Attacks Against
   Governments – Unit42
 * 10/2017: Gaza Cybergang – updated activity in 2017 – GReAT
 * 01/2018: The TopHat Campaign: Attacks Within The Middle East Region Using
   Popular Third-Party Services – Unit42
 * 04/2018: Operation Parliament, who is doing what? – GReAT
 * 04/2019: The Gaza cybergang and its SneakyPastes campaign – GReAT
 * 05/2019: Israel Defense Force bombing of alleged operations center
 * 10/2019: Suspected Molerats’ New Attack in the Middle East – 360
 * 11/2019: Report on the attack on the Palestinian government by the APT
   organization “Pat the Bear” (Translated) – Rising
 * 01/2020: Analysis of Threat Groups Molerats and APT-C-37 – AT&T
 * 02/2020: New Cyber Espionage Campaigns Targeting Palestinians – Part 1: The
   Spark Campaign – Cybereason
 * 03/2020: Molerats Delivers Spark Backdoor to Government and
   Telecommunications Organizations – Unit42
 * 12/2020: New Malware Arsenal Abuses Cloud Platforms in Middle East Espionage
   Campaign – Cybereason
 * 12/2020: Molerats APT: New Malware and Techniques in Middle East Espionage
   Campaign – Cybereason
 * 04/2021: Threat Group Uses Voice Changing Software in Espionage Attempt –
   Cado
 * 06/2021: New TA402 Mole Rats Malware Targets Governments in the Middle East –
   Proofpoint
 * 01/2022: New espionage attack by Molerats APT targeting users in the Middle
   East – Zscaler
 * 02/2022: Ugg Boots 4 Sale: A Tale of Palestinian-Aligned Espionage
 * 10/2022: Analysis of a Management IP Address linked to Molerats APT – Team
   Cymru


PLAID RAIN

 * 06/2022: Exposing POLONIUM activity and infrastructure targeting Israeli
   organizations – Microsoft
 * 10/2022: Polonium Targets Israel With Creepy Malware – ESET
 * 12/2022: Polonium APT Group: Uncovering New Elements – Deep Instinct


LEBANESE CEDAR

 * 03/2015: Volatile Cedar Technical Report – Checkpoint
 * 03/2015: Sinkholing Volatile Cedar DGA Infrastructure – GReAT
 * 06/2015: New Data: Volatile Cedar Malware Campaign – Checkpoint
 * 01/2021: “Lebanese Cedar” APT – Global Lebanese Espionage Campaign Leveraging
   Web Servers – Clearsky
 * 10/2022: DeftTorero: tactics, techniques and procedures of intrusions
   revealed – Kaspersky


SHROUDEDSNOOPER

 * 09/2023: New ShroudedSnooper actor targets telecommunications firms in the
   Middle East with novel Implants – Talos


COBALT SAPLING

 * 02/2022: StrifeWater RAT: Iranian APT Moses Staff Adds New Trojan to
   Ransomware Operations – Cybereason
 * 02/2022: Moses Staff Campaigns Against Israeli Organizations Span Several
   Months – Fortinet
 * 01/2023: Abraham’s Ax Likely Linked to Moses Staff – Secureworks
 * 11/2021: Uncovering MosesStaff Techniques: Ideology Over Money – Checkpoint

Sources:

 * https://www.wired.com/story/israel-hamas-war-hacktivism/
 * sentinelone.com/labs/the-israel-hamas-war-cyber-domain-state-sponsored-activity-of-interest/
 * axios.com/2023/10/17/israel-hamas-war-political-hackers-hacktivists-cybersecurity

Category: Cyberattacks and Hackers