Hacktivists Weigh in on Israel-Hamas War: Developing Story
Threat Actors Respond to the Conflict
Graphic shared by #Team-R70 when planning their attack.
The recent outbreak of violence between Palestine and Israel has not only manifested on the ground but has also spilled into cyberspace. Hacktivist groups have swiftly mobilized, announcing their active participation in disruptive cyber attacks aimed at various institutions in Israel and Palestine. This article sheds light on the escalating cyber warfare and the involvement of notable hacktivist groups like Anonymous Sudan and Killnet.
In addition to this, Overt Operator researchers discovered the intention of R-70, a hacker group from Yemen, to join in on the hacktivism.
What We Know
In the wake of a deadly attack on a music festival by Hamas and subsequent abductions and killings across Israeli towns, the Middle East has witnessed a surge in hacktivism efforts. Israeli officials report that around 700 Israelis were killed, and over 150 were taken hostage, while Gaza's health ministry claims that Israel's retaliatory strikes have resulted in the deaths of at least 511 Palestinians.
Amidst the escalating violence, at least 15 cybercriminal, ransomware, and hacktivist groups have declared their active participation in disruptive attacks against institutions in Israel and Palestine, as well as their supporters. Notably, Anonymous Sudan and Killnet have emerged as prominent actors in this cyber warfare.
Anonymous Sudan, which surfaced earlier this year, has been attributed to major attacks on notable entities such as Microsoft, X (formerly Twitter), and the German foreign intelligence service.
Experts suspect that this hacktivist group is a front for Russian state-sponsored cyberattacks, operating under the guise of Sudanese-based hacktivism. Additionally, there are alleged connections between Anonymous Sudan and Killnet, although the nature of their relationship remains unclear. Despite these claims, Anonymous Sudan has consistently denied any association with the Russian government.
Researchers note that Anonymous Sudan expected difficulty in launching its hacktivism attacks due to a “complete power outage” in Sudan.
Like Anonymous Sudan, Killnet is believed to be Russia-based, or at least Russia-aligned. The group is notorious for launching high-profile distributed denial of service (DDoS) attacks. Both hacktivist groups have announced that their efforts will primarily focus on disrupting targets in Israel. Their motives seem to point back to geopolitical tensions, as Anonymous Sudan accuses the Israeli government of supporting the "terrorist regime" of Ukraine and betraying Russia.
While they had power, the threat actor did claim to have done significant damages on the alert system.
What We're Watching
Our operation discovered communications from Team R-70, a threat actor linked to Yemen. The hacker group has been responsible for hacks on transportation, particularly the major taxi service in Sweden.
Comment made by #TeamR7 in the wake of recent events
Based on R-70’s previous activity, the threat actor group may attempt to disrupt logistics and transportation operations in the Israel region, which would pose significant risks to public services, such as first responders, evacuation services, search crews, etc.
In the wake of outbreaks of violence, and growing threats from multiple stages, Overt Operator will continue to monitor and track open-source hacktivism.