Hacktivism and influence operations are playing a significant role in the ongoing Hamas-Israel war, with both sides utilizing cyber tactics to gain influence and spread disinformation. According to Bloomberg, there has been a surge in hacktivism during the conflict, with some of it being grassroots efforts and others being conducted by state-directed auxiliaries and front groups. Many of these front groups are believed to be operated from Iran.
One example of this hacktivism competition for influence is the recent damage to a Gaza hospital. Both Hamas and Israel accused each other of a strike on the Al Ahli Hospital, with Hamas claiming it was an Israeli airstrike and Israel claiming it was a malfunctioning rocket launched by Palestinian Islamic Jihad. However, evidence seems to point to the latter explanation, with the US National Security Council tweeting their assessment that Israel was not responsible for the explosion at the hospital. The Israeli Defense Forces also released intercepted conversations between Hamas operatives discussing the incident and attributing it to a failed rocket launch. Despite this evidence, Hamas’s claims of an Israeli airstrike continue to be accepted and circulated in Islamist and Arab circles, leading to protests.
In the midst of the conflict, misinformation and disinformation are also spreading. ZeroFox has identified an increase in anti-Palestinian disinformation from seemingly Indian accounts and anti-Israel disinformation from seemingly pro-Russian accounts. False or dubious claims are often concentrated on social media platforms like Twitter and Telegram, with accounts impersonating trusted sources to amplify disinformation.
Hacktivist auxiliaries in the conflict have mainly focused on website defacements, taking a similar approach to hacktivism seen during Russia’s war against Ukraine. According to ComputerWeekly, these attacks have been relatively low-grade and opportunistic, rather than strategic or highly impactful. Experts suggest that hacktivists are unlikely to make a significant difference in combat situations.
In Ukraine, hacktivists from the Ukrainian Cyber Alliance claimed to have gained access to servers used by the Trigona ransomware gang. They exfiltrated data from the servers and wiped them, using a recently discovered vulnerability to gain remote access. The UCA has vowed to make decryption keys publicly available if they find them in the exfiltrated data.
Meanwhile, eleven telecommunications providers in Ukraine have experienced cyberattacks by an organized group of criminals. The attacks aim to disrupt networks and server equipment rather than steal or extort data.
Researchers have also observed a credential-harvesting campaign linked to Russia, targeting individuals with phishing emails that carry an exploit for a vulnerability in WinRAR compression software. These phishing emails pretend to share indicators of compromise associated with malware strains. While specific attribution has not been made, speculation suggests that the campaign may be run by the Russian foreign intelligence service.
Belgian websites were also targeted by Russian hacktivist auxiliaries as a form of retaliation for Belgian support of Ukraine. Several websites, including those belonging to the Senate, the Federal Public Service Finance, and the monarchy, were affected.
Lastly, a coordinated campaign of emailed bomb threats has been reported in the Baltic region, believed to be orchestrated by Russian operators. These threats aim to create panic and burden law enforcement institutions.
Overall, hacktivism and influence operations are playing a significant role in the Hamas-Israel war, with both sides utilizing cyber tactics to spread their narratives, amplify disinformation, and gain influence. These cyber activities add another layer of complexity to an already tense conflict, highlighting the importance of addressing cybersecurity concerns in modern warfare.