Israel-Hamas war hacks slow down but go global
Add Axios as your preferred source to
see more of our stories on Google.
Illustration: Shoshana Gordon/Axios
Hackers targeting the war between Israel and Hamas are starting to slow their activity — but some groups are taking their attacks global, according to recent research.
Why it matters: Cyberattacks spilling outside of the countries engaged in war can risk bringing additional governments into a conflict.
What's happening: The politically motivated hacking groups that have been active since Hamas' surprise attack on Israel are now starting to target organizations based in nations allied with Israel.
- Anonymous Sudan, a hacking group that's been working against Israel, claims it's now targeting organizations in Kenya due to the Kenyan government's support for Israel, according to SecurityScorecard research published Wednesday.
- Dark Storm Team, a pro-Palestine hacking group, claimed last week it had targeted U.S.-based Snapchat for similar reasons, per SecurityScorecard. (No evidence of this attack has surfaced.)
- Gil Messing, chief of staff at Israel-based cyber company Check Point Software Technologies, said in an email to Axios that anti-Israel group Irox Team is alleging that it's targeting companies in Brazil, which is supporting Israel.
The big picture: It's become common practice for politically motivated hacking groups (also known as hacktivists) to target allies of the countries involved in an armed conflict.
- During the war in Ukraine, pro-Russia hackers in the Killnet group have targeted several NATO countries, including websites for U.S. airports.
Between the lines: The majority of the cyberattacks these hacking groups are launching are still unsophisticated and low level.
- Many of them take the form of a distributed denial-of-service attack, where a website is rendered inaccessible due to overwhelming amounts of bot traffic.
- And many groups' claims of destructive cyberattacks lack proof. Pro-Palestine group Solomon's Ring boasted on Oct. 7 that it had stolen data from an "important Israeli data center," but it has yet to upload any of the files or other evidence to support this claim, according to SecurityScorecard.
Yes, but: Other hacking groups have returned to their regular operations — or have slowed their activity altogether.
- Killnet, which has been targeting Israeli organizations, has returned to attacking Ukraine-based entities, according to its Telegram posts.
- A few groups haven't posted in their Telegram channels — which they often use to boast about alleged targets or website-shutdown attacks — in at least two weeks, according to SecurityScorecard's report.
What's next: Political hacking activity tends to come in waves through the lifespan of an armed conflict.
- It's possible another wave of politically charged cyberattacks will emerge in the coming weeks or months.
