Hackers make their mark in Israel-Hamas conflict
Politically motivated hackers have already started to mobilize in response to the Hamas attack on Israel over the weekend.
Why it matters: Disruptive cyberattacks have taken news sites and emergency services applications offline in the first days after the attack — spurring fear and confusion as people try to keep track of what's happening in the region.
Driving the news: Over the weekend, hackers attacked the Jerusalem Post, the largest English-language newspaper in Israel, as well as a real-time rocket alert app that many Israeli citizens rely on.
- The Jerusalem Post said Monday that its website was down due to a "series of cyberattacks," for which the group Anonymous Sudan has claimed responsibility in its Telegram group. (The Jerusalem Post's website was back online as of Tuesday.)
- Pro-Palestinian group AnonGhost also exploited a flaw in the RedAlert app — which alerts users to real-time rocket launches — and sent fake alerts about a nuclear bomb, according to researchers at Group-IB.
- Ghosts of Palestine, another pro-Palestine hacking group, claimed in its Telegram group on Monday that it had attacked a range of organizations, including Israel's Ministry of Foreign Affairs, the Ben Gurion Airport and others. (However, those websites appeared to be functional as of Monday afternoon.)
The big picture: Politically motivated hackers (known as hacktivists) are quick to lean into heightened conflicts between countries, including terrorist attacks and wars.
- Throughout the war in Ukraine, Russian hackers have launched distributed denial-of-service attacks against Ukrainian organizations, as well as companies in bordering countries.
Between the lines: Politically motivated hackers often launch simple DDoS attacks that take websites offline for hours, or even days.
- While not as consequential as ransomware or traditional espionage, DDoS often adds to the psychological impact of an armed conflict for everyday citizens as they struggle to access basic online services.
Threat level: More hacking groups could get involved in the Israel-Hamas conflict throughout the week.
- CyberKnow, a security research group that tracks cyber warfare activities, estimated that as of Monday, at least 58 groups were actively targeting Israeli and Palestinian organizations with DDoS attacks.
- The Ghosts of Palestine also issued a call in its Telegram group on Sunday for hackers worldwide to join them in attacking Israeli and U.S. public and private infrastructure.
The intrigue: So far, most of the cyber activity appears to be targeting Israel in support of Palestinians. But researchers anticipate that more pro-Israel groups will emerge.
- Of the 58 estimated groups participating in the conflict so far, CyberKnow believes 10 are working in support of Israel and 48 are working either in support of Palestinians or against Israel.
- A few of the groups working against Israel are pro-Russia hacking groups, including Killnet.
Zoom out: State-backed hacking groups, particularly those in Iran, have also been targeting Israel for years — both in their espionage campaigns and in disruptive attacks — and they aren't likely to sit this conflict out.
- Israel and Iran have long engaged in offensive cyberattacks against one another — resulting in downed gas stations, halted steel production and near-breaches of water utilities.
- Iran targeted Israel's government and private organizations more than any other country from July 2022 through June 2023, according to a Microsoft report released last week.
- Rob Joyce, director of cybersecurity at the National Security Agency, said Monday during the Cipher Brief Threat Conference that U.S. intelligence hasn't seen any major cyber campaigns tied to the conflict yet, but they may be underway.
Sign up for Axios' cybersecurity newsletter Codebook here.