The conflict between Gaza and Israel has intensified to new heights over the past few weeks, gaining global attention unlike any other. This escalation of tensions has brought about a new battle line, one that only in recent years has become a pillar to modern-day warfare.

By Patrick McAteer, cyber threat intelligence analyst at SecurityHQ

While the bulk of the fighting has taken place on the ground and been confined to the region, the cyber war has begun to stir and expand worldwide. For years, nations have been putting one another’s cyber defence systems to the test. The difference here is the mass international involvement from groups located far outside the region joining the digital fight.

Silent sabotage

Similar to the further escalation of the Russia-Ukraine war that began almost two years ago, threat groups, individuals and other APTs have used this chance to exploit various realms across the cyber field, each with their own motive for joining the fight and their own idea of what they aim to get out of it.

Some join for their own personal amusement, others for monetary gains, but the majority have joined for the political reasons embedded in this deep-rooted conflict. Just days after Hamas entered Israel on 7 October, we observed a significant increase in the number of threat actors that began to align with one side or the other which, in turn, has also caused a significant increase in the number of cyber-attacks occurring in the region and around the world.

At the time of writing, there have only been a few serious cases, with the majority causing minimal damage. There are, however, a few possible developments which could lead to heavier consequences than what we have seen so far, with Russian, Iranian, Indian, and other nation-backed groups recently entering the fray.

Disruption dilemma

Since the outbreak of the current conflict, DDoS (Distributed Denial of Service) has overwhelmingly dominated the landscape of cyber-attack methods being used. While most incidents have resulted in limited damage, we observed instances where overwhelming traffic managed to prevent access to various Palestinian/Israeli government, media, finance, telecommunication, and critical infrastructure websites. The outages are not permanent, however; they typically last only several minutes or hours.
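As an added example that is not part of the original article or SecurityHQ's tooling, the script below shows the kind of volumetric check a defender would run over web server access logs to spot a single source flooding a site in the way described above: it parses combined-format log lines, counts requests per source in a sliding time window, and flags any source whose peak rate exceeds a threshold. The log lines, IP addresses (RFC 5737 documentation ranges), window size and threshold are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Apache/Nginx "combined"-style access log line: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one access-log line; return None for lines that do not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "req": m["req"],
        "status": int(m["status"]),
    }


def flag_sources(lines, window_s=10, threshold=50):
    """Return {ip: peak requests in any window_s-second window} for sources above threshold.

    A sliding window per source is used so a short, intense burst is caught even when the
    source's average rate over the whole log looks modest.
    """
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            per_ip[rec["ip"]].append(rec["ts"].timestamp())

    flagged = {}
    for ip, stamps in per_ip.items():
        stamps.sort()
        peak, j = 0, 0
        for i, t in enumerate(stamps):
            # Drop timestamps that fall outside the window (t - window_s, t]
            while stamps[j] <= t - window_s:
                j += 1
            peak = max(peak, i - j + 1)
        if peak > threshold:
            flagged[ip] = peak
    return flagged


def make_sample_log():
    """Constructed sample log (not real traffic): one source sends 200 requests in five
    seconds, while two other clients browse at a normal rate."""
    base = datetime(2023, 10, 10, 12, 0, 0, tzinfo=timezone.utc)

    def fmt(ip, t, path="/news"):
        return f'{ip} - - [{t.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 1024'

    lines = [fmt("203.0.113.10", base + timedelta(seconds=n * 0.025)) for n in range(200)]
    lines += [fmt("203.0.113.20", base + timedelta(seconds=n)) for n in range(5)]
    lines += [fmt("198.51.100.7", base + timedelta(seconds=30 * n), "/alerts") for n in range(3)]
    lines.append("this line is malformed and should be skipped")
    return lines


if __name__ == "__main__":
    for ip, peak in flag_sources(make_sample_log()).items():
        print(f"{ip}: peak {peak} requests in a 10 s window")
```

In practice the threshold would be tuned per site from a baseline of normal traffic, and the same counting can be keyed on other fields (URL path, user agent) to catch distributed floods that spread requests across many sources.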

DDoS has not been the exclusive attack method throughout this conflict, with cases of website defacement and general vulnerability exploitation also taking place.

During the initial attack, a mobile app that alerts Israeli civilians of incoming rockets known as “Red Alert: Israel” had a vulnerability exploited. This allowed the hackers to not only intercept alert requests, but also to dispatch fake ones including one that said, “nuclear bomb is coming”.

With thousands more downloading the various warning applications after the drastic influx of rockets, it was also revealed that malicious versions posing as the official “RedAlert” application were being installed all over Israel. After a few days they had obtained access to sensitive information from both iOS and Android stores belonging to over 100 000 users.

The sophisticated spyware within these apps reused code from the authentic RedAlert application, but requested further access to the user’s Contacts, Call Logs, Phone IMEI, SMS Messages, list of Installed Software, Logged-in Email, other App Accounts and more.
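The over-broad permission set is the most visible indicator of the counterfeit app described above. As an added example that is not part of the original article or of the RedAlert project, the script below audits an Android manifest against an assumed baseline of permissions a rocket-alert app would plausibly need and reports every extra permission, mapping the sensitive ones to the data categories the article lists. The baseline, the package name and both manifests are constructed for the example; the permission names themselves are real Android permissions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed baseline for an alert app (an assumption for this example, not the real RedAlert manifest):
# network access to fetch alerts, notifications to show them, coarse location to filter by area.
BASELINE = {
    "android.permission.INTERNET",
    "android.permission.POST_NOTIFICATIONS",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.VIBRATE",
}

# Real Android permissions that grant the data categories the article says the spyware requested.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.READ_PHONE_STATE": "device identifiers (IMEI)",
    "android.permission.READ_SMS": "SMS messages",
    "android.permission.RECEIVE_SMS": "SMS messages",
    "android.permission.QUERY_ALL_PACKAGES": "installed software list",
    "android.permission.GET_ACCOUNTS": "logged-in email / app accounts",
}

# Constructed manifest modelled on the behaviour described in the article (not a real sample).
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakealert">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.POST_NOTIFICATIONS"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
  <application android:label="Alert"/>
</manifest>"""

# Constructed manifest that stays within the assumed baseline.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.alert">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.POST_NOTIFICATIONS"/>
  <application android:label="Alert"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Collect every android:name declared in <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    return {
        el.get(ANDROID_NS + "name")
        for el in root.iter("uses-permission")
        if el.get(ANDROID_NS + "name")
    }


def audit(manifest_xml, baseline=BASELINE):
    """Return {permission: reason} for every requested permission outside the baseline.

    Sensitive permissions are labelled with the data they expose; anything else outside the
    baseline is reported as "not in baseline" so it still gets reviewed.
    """
    excess = requested_permissions(manifest_xml) - baseline
    return {p: SENSITIVE.get(p, "not in baseline") for p in sorted(excess)}


def exposed_data(manifest_xml, baseline=BASELINE):
    """Distinct data categories the excess permissions would expose."""
    return sorted({r for r in audit(manifest_xml, baseline).values() if r != "not in baseline"})


if __name__ == "__main__":
    for perm, reason in audit(SUSPICIOUS_MANIFEST).items():
        print(f"EXCESS {perm}: {reason}")
    print("benign manifest excess:", audit(BENIGN_MANIFEST))
```

The same comparison can be applied to a clone's permissions against those of the genuine app from the official store: a lookalike that asks for contacts, call logs, SMS or account access where the original does not is the pattern this campaign relied on.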

Attacks from sympathisers on both sides of the conflict have caused varied levels of disruption over the past few weeks. For now, the damage has not escalated much beyond websites in both the public and private sector being taken down, defaced or otherwise exploited. With the number of groups continuing to expand, there has been a sudden surge in malicious activity, which places an increased number of organisations at risk.

Development of threat groups

Although the conflict is contained to a small section of the Levant region, the overwhelming mass mobilisation across the world has helped draw a much larger picture of the political landscape rapidly unfolding.

Cyber groups worldwide have pledged their services to varying sides, with the majority siding alongside the pro-Palestine or anti-Israel banner. Many seem to be following the path that their nation takes, with pro-Russian groups like “Killnet” taking up digital arms against Israel and groups based out of Israeli allied nations like “Kerala Cyber Xtractors” in India hitting Palestine.

From state-backed threat actors to individual hacktivists, the wide variety of groups is increasing day by day and does not seem to be slowing down.

The battleground does not stop at the borders of just these two nations, though, with cyber-attacks from either side targeting critical infrastructure, military targets, governments, and private organisations of countries that are aligning with the opposing side. Pro-Palestinian hacktivists have set their sights on nations such as the US, UK, Germany, India, France, Italy, Canada and more over recent weeks. Likewise, various pro-Israeli hacktivists have targeted Iran, Iraq, Qatar, Saudi Arabia and Lebanon.

While the list of threat groups is ever changing, here are the current known groups that are actively participating, the side of the conflict they chose to align with and their preferred attack vector.

List Source: Israel-Palestine Cybertracker – Cyberknow

| Pro-Israel Group | Speciality |
|---|---|
| AnonyMiss | DDoS |
| Anonymous India | DDoS |
| Ares | Data Leak |
| Dark Cyber Warrior | DDoS |
| Garuna Ops | DDoS |
| Gaza Parking Lot Crew | Hack |
| Glorysec | Hack |
| Indian Cyber Force | DDoS/Hack |
| Israel Cyber Defence | DDoS |
| Kerala Cyber Xtractors | DDoS |
| Op Iran | DDoS/Hack |
| Predatory Sparrow | Hack |
| Red Evils | DDoS/Hack |
| Silencers of Evil | Hack |
| SilentOne | DDoS |
| Team UCC Operations | DDoS |
| Termux Israel | DDoS/Hack |


| Pro-Palestine/Anti-Israel Group | Speciality |
|---|---|
| 1915 Team | DDoS |
| 313 team | DDoS |
| 4 Exploitation | DDoS |
| ACEH | DDoS/Hack |
| AnonGhost | DDoS |
| Anonghost Indonesian | DDoS |
| Anony_Mous | DDoS |
| Anonymous BD | DDoS |
| Anonymous Morocco | DDoS |
| Anonymous Sudan | DDoS |
| Arab Anonymous Team | DDoS |
| Ben M’Hidi 54 | DDoS/Hack |
| Black Security Team | DDoS |
| Blacksec | DDoS/Hack |
| Blackshieldcrew MY | DDoS |
| Boom Security | DDoS |
| C.O.A Agency | DDoS |
| Cscrew | DDoS |
| Cyb3r Drag0nz | DDoS |
| Cyber Army Palestine | DDoS |
| Cyber Av3ngers | Hack |
| cyber sederhana team | DDoS |
| Cyber System Error | DDoS |
| Dark Strom Team | DDoS/Hack |
| Darkseek Hacking Group | DDoS/Deface |
| DevilAttacks | DDoS |
| Dragonforce Malaysia | DDoS/Deface |
| Eagle Cyber Crew | DDoS |
| Electronic Tigers Unit | DDoS |
| End Sodoma | DDoS/Hack |
| Esteem Restoration Eagle | DDoS |
| Fallaga Team | DDoS |
| Ganosec team | DDoS |
| Garnesia Team | DDoS |
| Garuda Security | DDoS |
| Gb Anon 17 | DDoS |
| Ghost Clain Malaysia | DDoS |
| Ghost Princess of Palestine | DDoS |
| GhostClan | DDoS |
| Ghosts of Palestine | DDoS |
| Ghostsec | Hack/Ransomware |
| Hacktivist Indonesia | DDoS |
| Haghjoyan | DDoS |
| Hizbullah Cyb3r Team | DDoS |
| HostKillCrew | DDoS |
| Infinite Insight.ID | DDoS/Hack |
| IROX Team | DDoS/Hack |
| Islamic Hacker Army | DDoS/Deface |
| karawang cyber team | DDoS |
| Kep Team | DDoS |
| Ketapang Grey Hat Team | DDoS |
| Khalifah Cyber Crew | DDoS/Deface |
| Killnet | DDoS |
| Komandan Hansip | DDoS |
| kuningan Exploiter | DDoS |
| Lulz Security Agency | DDoS |
| Moroccan Black Cyber Army | DDoS |
| Moroccan Ghosts | DDoS |
| Moses Staff | Hack |
| Muslim Cyber Army | DDoS |
| Mysterious Silent Force | DDoS |
| Mysterious Team Bangladesh | DDoS |