{
	"id": "02929788-4515-4abd-be7e-08b71d7e3049",
	"created_at": "2026-04-19T02:21:09.704422Z",
	"updated_at": "2026-04-20T02:21:58.725115Z",
	"deleted_at": null,
	"sha1_hash": "37429af409474704c487e657baf2aefadd7360d0",
	"title": "OpIsrael: A Decade in Review",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 281911,
	"plain_text": "OpIsrael: A Decade in Review\r\nBy Radware\r\nArchived: 2026-04-19 02:00:21 UTC\r\nOpIsrael is an Anonymous operation that was launched in November 2012 in response to an Israeli military operation, Pillar of Defense.\r\nAnonymous and several cornerstone operations like OpIsrael have faced a significant decline in support and\r\nbacking for years. This was the result of the fragmentation of Anonymous, competition from other threat groups,\r\nand the general escalation of the threat landscape. But over the last year, the war in Ukraine and geo-political\r\ntensions around the world have resulted in a renewed growth in hacktivism that has revolutionized the way armed\r\nconflicts will be fought in the future.\r\nBackground\r\nOpIsrael is an Anonymous operation that was launched in November 2012 in response to an Israeli military\r\noperation, Pillar of Defense. Pillar of Defense was an eight-day operation launched by the Israel Defense Force on\r\nNovember 14th, 2012, in response to 100 rockets that were fired at Israel within 24 hours from the Hamas-governed Gaza Strip.\r\nhttps://www.radware.com/security/threat-advisories-and-attack-reports/opisrael-a-decade-in-review/\r\nPage 1 of 3\n\nAt the time, OpIsrael was not an official operation, but rather a battle tag the group of hacktivists associated with\r\nAnonymous chose to use for their response to the Israeli operation. During the Anonymous operation in 2012,\r\nhundreds of Israeli websites were targeted with data breaches, defacement, and denial-of-service attacks. This left\r\nmany security professionals wondering if this was what the future of war would look like and if a hacktivist group\r\nsuch as Anonymous could be considered a legitimate army.\r\nThe following year, Anonymous moved to create an annual coordinated campaign against Israel under the battle\r\ntag, OpIsrael. 
The inaugural campaign was launched on April 7, 2013, parallel to Holocaust Remembrance Day,\r\nwith the goal to “erase Israel from the internet.” The operation targeted networks and applications in Israel for\r\nwhat Anonymous perceived as human rights violations against the people of\r\nPalestine in hopes the campaign would bring attention to the ongoing Israeli-Palestinian conflict.\r\nTimeline\r\nOver the last decade, OpIsrael has evolved both in its impact and relevance. In November 2012, OpIsrael was just\r\na one-off response to an Israeli military operation in the Gaza Strip. Still, OpIsrael gained widespread attention in\r\nApril 2013 after Anonymous announced a dedicated yearly campaign. As the years passed, the operation\r\ncontinued to target Israeli institutions to raise awareness about the Israeli-Palestinian conflict. However, the\r\ncollective's impact slowly declined in recent years due to the fragmentation within Anonymous, improved\r\ncybersecurity measures, shifting public opinion, and the rise of other hacktivist groups. As a result, OpIsrael's\r\ninfluence and effectiveness have diminished substantially, causing the campaign to lose much of its initial\r\nmomentum and support.\r\n2014 - During OpIsrael 2014, Anonymous and its affiliates continued their operations against Israel, hoping their\r\nattacks would raise awareness and support the people of Palestine. Attacks at that time mainly consisted of\r\ncrowdsourced-based denial of service attacks, website defacements, and data breaches. In some cases, the\r\nhacktivists leaked personal information, including email addresses, passwords, and phone numbers. It is important\r\nto note that in 2014, several hacktivists were seen repackaging and publishing old data dumps and new leaks. This\r\nis a tactic that would be used heavily in the future as OpIsrael's relevance declined. 
It is also important to note\r\nthat a second operation, OpIsrael Reloaded, was launched in July 2014 by a pro-Muslim, Indian-based hacktivist.\r\n2015 - During OpIsrael 2015, we began seeing Anonymous share knowledge with other members in IRC chats\r\nand on paste sites. This is likely due to the group realizing the increased challenges they faced with maintaining a\r\nyearly operation with the same level of impact. Despite the hacktivist claims of widespread outages, the 2015\r\ncampaign was relatively limited due to Israeli authorities and organizations taking the appropriate measures to\r\nprepare for an attack.\r\n2016 - During OpIsrael 2016, Anonymous began repeating many of its slogans and reposting content from the\r\nprevious operations. At the time, the collective was distracted by the US presidential election. Before this year,\r\nAnonymous was mainly a voice for the powerless but had begun supporting political candidates as election-related cyberattacks started to take center stage. As a result, OpIsrael suffered and began to lose complete support\r\nfor the operation.\r\n2017 - During OpIsrael 2017, Anonymous once again attempted to leverage all the resources it could to combat\r\nthe escalating defensive measures deployed by the government and organizations in Israel. In addition to\r\nrepacking old data leaks, the group began searching for unprotected websites of small and medium-sized\r\nbusinesses in hopes of a more significant impact than the years prior. What was left of Anonymous—and its\r\naffiliates associated with OpIsrael—started focusing on maximizing effort by building groups and social channels\r\nto better organize those involved. 
Inside those channels, Anonymous began sharing more toolkits, loaded with\r\ndenial-of-service scripts, but there was no large adoption of IoT botnets by the collective.\r\n2018 - During OpIsrael 2018, members of Anonymous continued to attempt to transfer knowledge to new\r\nhacktivists by sharing tools and recommendations for launching attacks. As a result, more defacements and simple\r\ndenial-of-service attacks occurred compared to previous years. The collective started sharing detailed information\r\nabout how to run reconnaissance operations, launch web application attacks and use Shodan or Google Dorks to\r\nincrease their overall impact. One of the main concerns for many organizations during 2017 was the shift away\r\nfrom targeting well-protected assets to targeting small to medium-sized businesses and Israeli citizens who were\r\nindirectly involved with the conflict in Palestine.\r\n2019-2020 - In 2019 and 2020, OpIsrael suffered a significant loss in support as Anonymous fell apart due to\r\npolitical infighting and a shifting of public opinion related to the Israeli-Palestinian conflict. The threat landscape\r\nevolved dramatically during these years as geo-political tensions flared up, making way for state-affiliated\r\ncyberattacks related to regional disputes. 2019 was also the year that the Israeli government targeted and killed a\r\ngroup of Hamas-linked hacktivists in Gaza with an air strike after the group launched a cyberattack against Israel,\r\nforcing many threat actors to think about the potential consequences of their attacks. The following year, a newly\r\nformed group called Hackers of Savior launched a one-off defacement campaign in May that targeted thousands\r\nof Israeli websites showing a video and a countdown related to Quds Day.\r\n2021 - Following the downfall of Anonymous and the lack of support for OpIsrael, a group of pro-Muslim\r\nhacktivists from Southeast Asia launched a new campaign called OpsBedil to fill the void. 
In 2021, cyberattacks\r\nin general were mainly reactionary in the Middle East, with minor cases of hacktivism in the region typically\r\nfollowing physical or political confrontation. Specifically, OpsBedil was a political response by DragonForce\r\nMalaysia to the Israeli ambassador to Singapore stating that Israel was ready to work towards establishing ties\r\nwith Southeast Asia’s Muslim-majority nations. As a result, the group and several affiliates launched a series of\r\nDDoS and defacement attacks against several organizations in Israel during June and July.\r\n2022 - Following the success of OpsBedil the year before, DragonForce Malaysia launched OpsBedil Reloaded in\r\nresponse to tension in the Middle East during Ramadan. Over the year, the group grew to over 13,000 members\r\nwho mainly communicated on their private forum. During this campaign, DragonForce Malaysia and other threat\r\nactors targeted several organizations in Israel with defacements, denial-of-service attacks, and data leaks.\r\nHacktivist campaigns like OpsBedil, while nowhere close to as notorious as OpIsrael once was, present a renewed\r\nlevel of risk for the region. Unlike Anonymous, which had very little bandwidth remaining to target Israel,\r\nDragonForce Malaysia and its affiliates had the time, the resources, and the motivation to present a new moderate\r\nlevel of risk for Israel and overshadowed anything that resembled OpIsrael in the month of April.\r\nSource: https://www.radware.com/security/threat-advisories-and-attack-reports/opisrael-a-decade-in-review/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.radware.com/security/threat-advisories-and-attack-reports/opisrael-a-decade-in-review/"
	],
	"report_names": [
		"opisrael-a-decade-in-review"
	],
	"threat_actors": [
		{
			"id": "6608b798-f92b-42af-a93f-d72800eeb3a3",
			"created_at": "2023-11-30T02:00:07.292Z",
			"updated_at": "2026-04-20T02:00:03.693528Z",
			"deleted_at": null,
			"main_name": "DragonForce",
			"aliases": [],
			"source_name": "MISPGALAXY:DragonForce",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "843f4240-33a7-4de4-8dcf-4ff9f9a8c758",
			"created_at": "2025-07-24T02:05:00.538379Z",
			"updated_at": "2026-04-20T02:00:04.436883Z",
			"deleted_at": null,
			"main_name": "GOLD FLAME",
			"aliases": [
				"DragonForce"
			],
			"source_name": "Secureworks:GOLD FLAME",
			"tools": [
				"ADFind",
				"AnyDesk",
				"Cobalt Strike",
				"FileSeek",
				"Mimikatz",
				"SoftPerfect Network Scanner",
				"SystemBC",
				"socks.exe"
			],
			"source_id": "Secureworks",
			"reports": null
		}
	],
	"ts_created_at": 1776565269,
	"ts_updated_at": 1776651718,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/37429af409474704c487e657baf2aefadd7360d0.pdf",
		"text": "https://archive.orkl.eu/37429af409474704c487e657baf2aefadd7360d0.txt",
		"img": "https://archive.orkl.eu/37429af409474704c487e657baf2aefadd7360d0.jpg"
	}
}