Hacktivist Attacks – Israel’s Energy and Defense Sector Under Attack

A threat group operating out of Gaza has been linked to a series of cyberattacks targeting private-sector organizations in Israel, specifically in the energy, defense, and telecommunications sectors. 

Group-IB’s Threat Intelligence automatically detects new #hacktivist activity, and we’ve seen that threat actor groups are entering the fray and launching attacks on government websites and IT systems amid the escalation in the Israeli-Palestinian conflict. Rest assured, we will… pic.twitter.com/uZeqAOKjoo

— Group-IB Threat Intelligence (@GroupIB_TI) October 8, 2023

Microsoft disclosed these findings in its fourth annual Digital Defense Report and has been monitoring this campaign under the “Storm-1133.”

Where does the threat actor belong?

It’s been determined that this group is likely aligned with Hamas, a Sunni militant organization controlling the Gaza Strip. 

Their attacks have predominantly targeted organizations seen as adversaries to Hamas, including entities in the Israeli energy and defense sectors and those loyal to Fatah, a Palestinian political party based in the West Bank.

Modus Operandi of Attack

The attacks involve a combination of social engineering tactics and the creation of fictitious LinkedIn profiles posing as Israeli HR managers, project coordinators, and software developers. 

These profiles are used to initiate contact, send phishing messages, conduct surveillance, and deliver malware to employees within Israeli organizations.

Microsoft Analysis

Microsoft also noted that Storm-1133 has attempted to infiltrate third-party organizations with known ties to Israeli entities of interest. 

These intrusions serve the purpose of deploying backdoors, coupled with a configuration that permits the group to dynamically update their command-and-control (C2) infrastructure hosted on Google Drive. 

This technique allows them to remain ahead of certain static network-based defenses.

War Should Never be an Option!

The heightened tensions in the Israeli-Palestinian conflict are marked by an uptick in hacktivist operations such as “Ghosts of Palestine,” which aims to disrupt government websites and IT systems in Israel, the United States, and India.

Palestinian hacker group Ghosts of Palestine is inviting hackers around the world to attack Israel’s and US private and public infrastructure. #CyberAttack #Threatintel #IsraelPalestineConflict pic.twitter.com/cVRm4loT8A

— FalconFeeds.io (@FalconFeedsio) October 8, 2023

Moreover, approximately 70 incidents have been identified where Asian hacktivist groups actively target nations like Israel, India, and France, primarily due to their alignment with the United States.

Additionally, nation-state threats have evolved from destructive and disruptive actions to more prolonged espionage campaigns. 

The United States, Ukraine, Israel, and South Korea have become focal points for cyberattacks in Europe, the Middle East and North Africa (MENA), and Asia-Pacific.