{
	"id": "d4a536b0-0333-4992-b949-5749b19e9200",
	"created_at": "2026-04-06T00:11:20.052809Z",
	"updated_at": "2026-04-10T03:35:59.520993Z",
	"deleted_at": null,
	"sha1_hash": "639c26110213dff03d52263ce98b9e3d53004f76",
	"title": "Reflections of the Israel-Palestine Conflict on the Cyber World",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 145091,
	"plain_text": "Reflections of the Israel-Palestine Conflict on the Cyber World\r\nPublished: 2023-10-09 · Archived: 2026-04-02 11:57:06 UTC\r\nWelcome to our live blog, “Reflections of the Israel-Palestine Conflict on the Cyber World.” This blog actively\r\ndocuments significant cyber incidents occurring during the Israeli-Palestinian conflict.\r\nYou can navigate to a specific section of updates by clicking on the dates below.\r\n[November 2, 2023] Concluding the live blog\r\n[November 1, 2023] Anonymous Sudan Continues to Target Media Agencies\r\n[October 31, 2023] Beyond Hacktivism: The Sabotage Strategies of APT Groups\r\n[October 30, 2023] APT Groups Have Surfaced\r\n[October 27, 2023] Old Tactics, New War\r\n[October 26, 2023] War on the Google Maps\r\n[October 25, 2023] Don’t Give a Man Fish, Teach Him How to Fish\r\n[October 24, 2023] Google’s Intervention in Telegram\r\n[October 23, 2023] Doubtful Claims and Hacktivist Cooperation\r\n[October 20, 2023] An Iron Dome for cyber lands\r\n[October 19, 2023] Quality over quantity\r\n[October 18, 2023] The calm before the storm\r\n[October 17, 2023] Hacktivists continue to share their attack methods\r\n[October 16, 2023] Hacktivists are trying to maximize their potential\r\n[October 13, 2023] Bombs Explode, and So Do the Borders of Cyber War\r\n[October 12, 2023] DDoS, Defacement, Data Leaks, and now Ransomware are in the arsenal of hacktivists.\r\n[October 11, 2023] Attacks are accelerating, cyber conflict has spread to a global scale\r\n[October 10, 2023] Many hacktivist groups have come back to life, operations have begun\r\nIn the midst of the ongoing Israel-Palestine conflict, a notable upsurge of hacktivist collectives has emerged,\r\nannouncing an unceasing barrage of digital assaults directed at a wide range of targets from both sides of the\r\nconflict.\r\nhttps://socradar.io/reflections-of-the-israel-palestine-conflict-on-the-cyber-world/\r\nPage 1 of 23\n\nThis situation unfolds as a response to the 
ongoing Israel-Palestine conflict, which involves Palestinian militant\r\ngroups led by Hamas initiating a large-scale offensive originating from the Gaza Strip and targeting Israel.\r\nAlthough the cyber world sometimes seems like a stand-alone entity, it must be a reflection of the physical world.\r\nJust as hacktivism resurged with the Ukraine-Russia war, this conflict, a sad situation for\r\nhumanity, will also bring a growing volume of war-related activity to the cyber world.\r\nThe Hacker Groups Involved in the Israel-Palestine Conflict\r\nIn the ongoing conflict, where the global landscape is mainly split into two factions, NATO and Western-aligned\r\nnations often lean towards supporting Israel. Conversely, many countries in Asia tend to align themselves with the\r\nPalestinian cause. However, it is worth noting that some nations, like India, may adopt positions that diverge from\r\ntheir geographic affiliations. Both political alliances and geopolitical priorities influence this dynamic.\r\nWhen we analyze these events through this lens, it becomes increasingly challenging to categorize countries\r\ndefinitively into one camp or the other. 
This complexity is even more pronounced in the realm of cyberspace.\r\nWhile hacktivist groups typically align with the political objectives of their home country, there are instances\r\nwhere they may adopt alternative stances.\r\nPro-Israel Groups | Pro-Palestine Groups | Neutral Groups\r\nIndian Cyber Force | KillNet | ThreatSec\r\nUCC Team | Anonymous Sudan | Cyber Army Of Russia\r\nGaruna Ops | UserSec | KromSec\r\nSilentOne | Anonymous Russia |\r\nIT ARMY of Ukraine | Ghosts of Palestine |\r\nKerala Cyber Xtractors | Team Azrael Angel of Death |\r\nTermux Israel | Dark Strom Team |\r\nICD-Israel Cyber Defense | Pakistani Leet Hackers |\r\nGaza parking lot crew | Sylhet Gang-SG |\r\nIsr@CyberH3ll | Team_insane_Pakistan |\r\nAnonymous Israel | Hacktivism Indonesia |\r\nGlorySec | Garnesia Team |\r\nTeam NWH Security | Blackshieldcrew MY |\r\nDark Cyber Warrior | Gb Anon 17 |\r\nIndian Cyber Sanatani | Anonymous Morocco |\r\nIndian Darknet Association | Ghost Clain Malaysia |\r\nRedEvils | Mysterious Team Bangladesh |\r\n| Ganosec team |\r\n| Moroccan Black Cyber Army |\r\n| Muslim Cyber Army |\r\n| GhostClan |\r\n| Eagle Cyber Crew |\r\n| YourAnon T13x |\r\n| Team Herox |\r\n| SynixCyberCrimeMY |\r\n| Panoc team |\r\n| 4 Exploitation |\r\n| Team R70 |\r\n| Stucx Team |\r\n| The White Crew |\r\n| Cscrew |\r\n| TYG Team |\r\n| Hizbullah Cyb3r Team |\r\n| Electronic Tigers Unit |\r\n| StarsX Team |\r\n| Dragon Force Malaysia |\r\n| GhostSec |\r\n| Cyb3r Drag0nz |\r\n| 1915 Team |\r\n| Moroccan Defenders Group |\r\n| VulzSec |\r\n| End Sodoma |\r\n| Skynet |\r\n| ASKAR DDOS |\r\n| Storm-1133 |\r\n| Arab Anonymous Team |\r\n| I.C.C |\r\n| ACEH |\r\n| Bangladesh Civilian Force |\r\n| WeedSec |\r\n| KEP TEAM |\r\n| AnonGhost |\r\n| Moroccan Defenders Group |\r\n| Moroccan Ghosts |\r\n| Garuda Security |\r\n| Jateng Cyber Team |\r\n| Jakarta Error System |\r\n| T.Y.G Team |\r\n| Esteem Restoration Eagle |\r\n| US Nexus Cyber Team |\r\n| Islamic Cyber Team |\r\n| AnonGhostMedia |\r\n| TengkorakCyberCrew |\r\n| Haghjoyan |\r\n| FakeSec |\r\n| CYBER Sederhana Team |\r\n| Irox Team |\r\n| ChaosSec |\r\n| The Cyber Watchers |\r\n| Anonymous Algeria |\r\n| Dark Team |\r\n| 177 Members |\r\nHere’s a mapping of the threat groups involved in the Israel-Palestine conflict.\r\nHacktivist Dynamics\r\nThe abundance of pro-Palestinian hacktivists can be attributed to one primary factor: Hacktivism enjoys greater\r\npopularity in the Eastern hemisphere. When examining the landscape, it becomes apparent that even pro-Israel\r\ngroups have their origins in Asia.\r\nNotably, significant hacktivist collectives like KillNet and Anonymous Sudan have not only drawn numerous\r\nfollowers but have also significantly inflated this number, leading to considerable disruptions. KillNet, a pro-Russian hacking collective, justified its actions against Israel by referencing Israel’s support for Ukraine in 2022,\r\nwhich Russia perceived as a betrayal; the same reasoning applies to many pro-Russian groups.\r\nAnonymous Sudan, highly suspected of having Russian support, targeted Israeli alert systems, claiming\r\nresponsibility for disrupting Israel’s Tzeva Adom early warning radar system and launching a DDoS attack on the\r\nJerusalem Post news service.\r\nAnonymous Sudan’s Post on Telegram\r\nGroups with Islamic tendencies gather on the Palestinian side. 
Furthermore, one of Stucx Team’s claims is that\r\nthey hacked an Israeli SCADA system’s website.\r\nStucx Team’s Post on Telegram\r\nStucx’s claim about Israeli SCADA\r\nOn the Israeli side, Indian hacktivist groups stand out, and it should be stressed that, in UCC’s and\r\nGaruna Ops’ posts, they call on non-Muslim hackers to take action for an anti-Palestinian stance.\r\nUCC’s Post on Telegram\r\nNot every group with Russian origin has taken a completely anti-Israeli stance yet. The Cyber Army of Russia\r\nconsults its users on what stance it should take, as seen in the figure below.\r\nCyber Army of Russia’s Post on Telegram\r\nSome groups are just looking for chaos, with Five Families member ThreatSec stating that they are not on any\r\nside, but adding that they will still target Israel.\r\nThreatSec’s Post On Telegram\r\nThe IT Army of Ukraine posted a message stating it is on Israel’s side, but it does not look like they will take\r\naction.\r\nIT Army of Ukraine’s post on Telegram\r\nNovember 2, 2023\r\nCountries such as Japan, Azerbaijan, and India continue to be targeted by hacktivists. There are also leak claims\r\nabout an attack targeting a company in Japan. Yokajawa, an international company based in Japan specializing in\r\ninformation technology and digital services, is reportedly a victim of a cyberattack. Threat actors asserted that\r\nthey had obtained sensitive employee information. Hacktivist groups also carried out DDoS attacks on many\r\nJapanese websites yesterday.\r\nAlleged hacking of “Yokajawa”\r\nThe 4 Exploitation Channel group, consistently striving to guide website administrators during defacement\r\nattacks, expressed their fatigue and the desire for a temporary respite. 
Interestingly, today is the day we are\r\nconcluding this live blog documentary and shifting to alternative content formats.\r\nClosure announcement of the 4 Exploit\r\nWe will no longer provide daily updates to this live blog, which we’ve been consistently updating with the latest\r\ndevelopments since October 9th, unless significant changes or developments arise.\r\nNovember 1, 2023\r\nWe have entered a new month, and the cyber war storm has relatively calmed down. Today’s highlights were as\r\nfollows:\r\nAnonymous Sudan is targeting AP News with DDoS attacks, and the site was down for 13+ hours. Anonymous\r\nSudan, which also targets Fox News, has been targeting Sudanese press organizations for a while.\r\nAnonymous Sudan’s Telegram post after 13 hours\r\nAlthough Team Insane Pakistan targeted the intergovernmental agency OECD Nuclear Energy Agency website\r\nwith a DDoS attack, it seems like an attack that does not have much effect or logical purpose.\r\nTeam Insane Pakistan’s Telegram post\r\nThe 177 Member group, a South Asian hacktivist collective, shares database leaks from its American and Indian\r\ntargets.\r\nThe 177 Member’s Telegram posts\r\nOctober 31, 2023\r\nAs we mentioned yesterday, the activities of APT groups continue to come to light as time goes by, unlike\r\nhacktivists. Amid the ongoing Israeli-Hamas conflict, a pro-Hamas hacktivist group has introduced a new Linux-based malware named BiBi-Linux Wiper, specifically targeting Israeli entities. This malware, an x64 ELF\r\nexecutable, can potentially compromise an entire operating system if executed with root permissions. 
Notably, it’s\r\ndesigned to corrupt files rapidly, overwrite them, and rename them with a “BiBi” extension, a term associated with the\r\nIsraeli Prime Minister, Benjamin Netanyahu.\r\nRecent insights from Sekoia suggest that the suspected Hamas-affiliated threat actor, Arid Viper, operates in two\r\ndistinct sub-groups, each focusing on cyber espionage activities in the conflict, against either Israel or Palestine.\r\nTheir tactics include targeting specific individuals and broader groups from sectors like defense and government,\r\nusing methods such as social engineering, phishing, and deploying a variety of custom malware for surveillance\r\npurposes. That being said, it seems that we will witness the actions of APT groups, the elite units of cyber warfare,\r\nin the coming days, months, and years.\r\nAgain, as we said before, hacktivist actions continue to decrease in number, but they still occur in high numbers.\r\nGlobal targets continue to be attacked by hacktivists; “defacement” and DDoS attack announcements regarding\r\nthe US, India, and Israel continue to be shared on Telegram channels. However, the claims, especially in South\r\nAsian hacktivist groups, seem random and unfounded these days. Although many groups cannot even identify the\r\ninstitutions they target, they continue their random attacks, e.g., America Website Bank(?)\r\nGaruda Security’s claims\r\nThe Cyber Error System group continues its defacement attacks, with India being one of its primary targets, and\r\ndoes not forget to leave a note for the Web Administrator on the “hacked” web pages.\r\nCyber Error System’s Telegram post\r\nToday’s most important incident came from a hacktivist group that can speak English. SiegedSec breached\r\nBEZEQ, the leading telecom firm in Israel. Moreover, the group alleges that the Embassies of Finland, Hungary,\r\nand the U.S. 
in Israel were affected by the intrusion.\r\nSiegedSec’s claims, posted on Telegram\r\nOctober 30, 2023\r\nWhile the cyber conflict ran in parallel with the ongoing Israel-Palestine war, hacktivist groups dominated the\r\nspotlight for an extended period due to the strength of their voices. However, this doesn’t diminish the\r\nsignificance of their actions, as such activities can accumulate and lead to significant problems. Additionally,\r\nhacktivist movements can serve as distractions for other activities. Thus, the most profound cyber threats come\r\nfrom APT (Advanced Persistent Threat) groups, and the cyber realm is becoming increasingly crucial in the\r\nevolving warfare landscape. Naturally, this situation will have reflections on the Israel-Hamas conflict.\r\nMoses Staff, a pro-Iranian APT group, has now resumed full-scale operations, continuing their previous campaign\r\nby executing data breaches and disruptive attacks. They have set up a comprehensive information operation and\r\nare present on platforms like X, Telegram, and their website.\r\nMoses Staff’s tweet about the incoming attacks\r\nTeam Insane Pakistan, a hacktivist group we frequently feature, targeted important government bodies from many\r\ncountries today. It carried out a DDoS attack on the websites of many critical organizations, from the State Oil\r\nCompany to the Ministry of Defense across many Pro-Israeli countries.\r\nTeam Insane Pakistan’s Telegram post\r\nThe official spokesperson representing Anonymous Sudan has announced that Western media outlets sharing\r\n‘false information’ will face Distributed Denial of Service (DDoS) attacks. Following this, CNN, NYPost,\r\nWashington Post, and Daily Mail UK were subjected to DDoS attacks, with the attacks lasting an average of\r\napproximately two hours. 
In the initial stages of the conflict, Anonymous Sudan had also targeted the Jerusalem\r\nPost for a similar motive, highlighting the ongoing trend of media companies being frequent targets for such\r\nattacks.\r\nAnonymous Sudan’s first post about the recent attacks on media\r\nOctober 27, 2023\r\nThe heart of hacktivism has been beating in Asia in recent years, but the first group that came to mind for a long time was\r\nAnonymous. Although various subgroups of Anonymous have been on both sides of this conflict, an “official”\r\nannouncement came from Anonymous today. Although they expressed their good wishes to people on both sides\r\nof the war without taking an ideological or political side, they still accused the Israeli government of\r\nwarmongering and displayed a pro-Palestinian attitude. However, many Twitter users approached this\r\nannouncement cynically, thinking that this event would not yield any results or that the so-called official\r\nAnonymous group would not take any action.\r\nScreenshot of the Twitter profile @anonewsco’s post\r\nSimilar to the targeting of Singapore and Japan, Thailand has become a new hacktivism target. The Team Insane\r\nPakistan group carried out a DDoS attack on the website of a hospital in Thailand. Unfortunately, civilian\r\ninfrastructures continue to be targeted in such attacks.\r\nTeam Insane Pakistan’s Telegram post, a hospital is on the target\r\nAgain, one of the most preferred attacks continues to be data leaks, an example of which was posted today by Irox\r\nTeam: an American E-tracker website database, leaked for “supporting” Israel.\r\nIrox Team’s Telegram post, database leaked publicly\r\nLastly, although various sources provide new publications, if you follow this live blog regularly, you may not have\r\ncome across anything that will surprise you. Still, we would like to share the IoCs of malware used by hacktivists\r\nincluded in SentinelOne’s article that we found useful. 
The RedLine stealer, Private Loader and their current IoCs\r\ndetected by SentinelOne in the Israel-Hamas:\r\nRedline Stealer (SHA1)\r\n0b0123d06d46aa035e8f09f537401ccc1ac442e0\r\nPrivateLoader (SHA1)\r\na25e93b1cf9cf58182241a1a49d16d6c26a354b6\r\n8ade64ade8ee865e1011effebe338aba8a7d931b\r\nOctober 26, 2023\r\nGoogle has temporarily suspended live traffic conditions on its mapping services, Google Maps and Waze, within\r\nIsrael. According to CNN, this decision comes in response to the escalating conflict in the region and the\r\nground invasion of Gaza. Notably, Google took a similar step during the Russia-Ukraine conflict, temporarily\r\nturning off real-time vehicle data in Ukraine.\r\nAfter Google’s decision, an interesting cyber attack or, in other words, vandalism took place. As reported by\r\nCNN, cyber activists have exploited a feature of Google Maps, allowing them to post anti-Israel messages on the\r\nplatform, mainly targeting the Rafah border crossing with statements like “F**k Israel” and “May god curse\r\nIsrael’s Jerusalem.”\r\nCertainly, this situation doesn’t point to any security breach or attack on Google’s part. However, it does\r\nunderscore the potential for manipulation in user-generated content. As we observe the growing role of smart\r\ndevices and artificial intelligence in modern conflicts, a concerning vulnerability arises – the likelihood of\r\norchestrating deceptive data flows to these devices, a threat we believe will gain greater significance.\r\nWhile we understand the significant harm that disinformation and misinformation can inflict in the real world, it is\r\nevident that false narratives can propagate at an accelerated pace within the digital world. 
Moreover, digital\r\ncommunication platforms and methods like social media can generate confusion: within the concept of\r\nhyperreality, even seemingly minor actions, regardless of malicious intent, have the potential to exert substantial\r\ninfluence.\r\nGoogle Maps image of Israel\r\nOn the cyber side of the war, South Asia continues to be a battlefield, at least as much as the Middle East. India\r\ncontinues to be under intense attack with its pro-Israel stance. An Indian military/aircraft company was one of the\r\ntargets of this day.\r\nA newly monitored threat actor-group(?) Dark Team in South Asian hacktivist arena\r\nOther Indian websites also continue to be targeted with defacement attacks as well as DDoS attacks.\r\nDefacement attack of Indonesian hacktivists\r\nIndian hackers are responding to this situation by adopting an intriguing tactic that hinges on leveraging the\r\nrelatively strong connection between Pakistan and Turkiye. Team Insane Pakistan is informing its followers that\r\nIndian hackers are attempting to mimic Turkish hackers to deceive Pakistani hackers.\r\nAlert for scamming campaign\r\nHowever, it seems that even if Indian hackers do nothing, other South Asian hackers continue to have problems\r\namong themselves. 
The ACEH hacktivist group has announced that it’s not in the alliance with Garuda Security,\r\nseemingly due to a personal dispute.\r\nACEH Group’s announcement\r\nAlthough the Arab world seems to be mostly consolidated on the issue, some countries take a different stance.\r\nAnonymous Algeria threatens the United Arab Emirates against this situation and claims that if this stance of UAE\r\ncontinues, they will be subjected to an attack of an unprecedented magnitude.\r\nAnonymous Algeria’s threat to UAE\r\nOctober 25, 2023\r\nThe GlorySec hacktivist group has adopted an intriguing strategy in their recent Telegram post. This pro-Israeli\r\nhacktivist group has claimed that Palestinian websites employ rudimentary, low-budget firewalls, rendering them\r\nsusceptible to manipulation. They have directed this message toward Israeli officials, aiming to spotlight this\r\nvulnerability. It’s worth noting that GlorySec claims not to disseminate the data they’ve acquired due to its false\r\nusage with the intention that it should be leveraged by Israel as needed.\r\nIn addition to addressing cybersecurity issues, GlorySec has taken a critical stance toward other hacktivist groups.\r\nThey have accused pro-Palestine groups of supporting terrorism and being involved in Russian proxy warfare.\r\nWhile hacktivism typically involves specific cyber actions, GlorySec’s approach seems to lean more towards a\r\nstrategic rather than a purely tactical orientation. By highlighting vulnerabilities and sharing some sort of TTP,\r\nthey may inadvertently aid not only fellow hacktivist groups but also the authorities of one side in the ongoing\r\nconflict. However, it’s essential to recognize that such public disclosures may also help adversaries identify their\r\nweak points.\r\nGlorySec’s mentioned Telegram post\r\nAs we’ve discussed on numerous occasions, various sectors often face cyber attacks based on the political\r\nalignment of their host nations. 
Whether it pertains to government entities or not, industries like Transportation\r\nand Aviation are prime targets due to their critical role in a country’s logistical infrastructure, especially since they\r\nare points where a country’s capabilities can be damaged.\r\nMysterious Team Bangladesh targeting Italian airport\r\nCountries other than Israel and Palestine that have taken a side, and especially countries that make concrete contributions to\r\none side, are heavily affected by this situation. Two airports in the UK and Italy were also the targets of DDoS attacks\r\ndue to their pro-Israel attitudes.\r\nSylhet Gang targeting English airport\r\nNot only airports but also aircraft companies are targeted. Hacktivists targeted the website of a Canadian aircraft\r\ncompany.\r\nCanadian website defaced by the Garuda Security\r\nOf course, they are trying to limit Israel’s logistics capacity as well. Although this time it is a seaport\r\nrather than an airport, the aim is the same. Team Insane Pakistan claims to have dumped the entire database of the\r\nHaifa Port website.\r\nTeam Insane Pakistan’s database dump of Haifa Port\r\nAlthough it is not very similar to the incidents we have discussed so far, we see an interesting pattern and another\r\nexample of the Indian educational sector – and the healthcare sector – being targeted heavily. It is not known how\r\nconscious hacktivists are on this issue, but the fact that South Asian hacktivists generally attack India and prefer to\r\ndisrupt civilian life instead of targets that can make a concrete contribution to the war seems to be an insight worth\r\ntaking note of.\r\nCyber Error System’s Telegram post, targeting Indian Governmental School\r\nOctober 24, 2023\r\nHacktivist groups on both sides have predominantly used Telegram for coordination and sharing since the\r\nconflicts began. 
However, a recent development may bring a change to this situation. According to the Jerusalem\r\nPost, the “official” Telegram channels of Hamas and the al-Qassam Brigades were blocked for users who had\r\ninstalled the app via the Google Play Store on Sunday night. In response, Telegram explained, “Some of the\r\nchannels you follow may no longer be accessible on your version of Telegram due to Google Play’s guidelines.”\r\nThey also noted that these channels can still be accessed on other platforms or by downloading the Telegram for\r\nAndroid app directly from Telegram’s website.\r\nAdditionally, Pavel Durov, Telegram’s CEO, has defended the decision to maintain Hamas-related channels on the\r\nplatform. He argues that this can potentially save lives by providing information and serving as a resource for\r\nresearchers and journalists. Durov contends that removing these channels may not necessarily prevent harm, as\r\nTelegram users only see content they subscribe to. The debate revolves around the balance between preserving\r\nfreedom of information and the risk of propagating misinformation and propaganda during conflicts.\r\nTelegram post from pro-Israeli hacktivist group; The two “official” Hamas-Daesh channels on\r\nTelegram have been blocked for access\r\nYesterday, we discussed how pro-Palestinian groups extended their targeting to countries like Japan and\r\nSingapore. 
As the initial attacks were underway, numerous hacktivist groups and individuals initiated efforts to\r\nfocus on international entities supporting Israel and generated hashtags on social media.\r\nA hacktivist’s call to OpIsrael hackers on Twitter\r\nSimilar calls and hashtags were circulated within hacktivist Telegram communities, resulting in the targeting of\r\nnations that supported Israel.\r\nGanoSec’s Telegram post\r\nIranian hackers remain actively involved in these attacks, as evidenced by their sharing of an Excel sheet\r\ncontaining the personal information of 7,000 Israelis. Moreover, within the same Telegram group, there have been\r\nrecent reports of attacks on healthcare institutions in India.\r\nIranian hacktivist Telegram group, a proof video shared\r\nIndustrial plants, water treatment facilities, and SCADA systems are consistently targeted. The CyberAv3ngers\r\ngroup claimed they had successfully hacked Netanya’s Waste Water Treatment Plant, sharing screenshots from the\r\nfacility’s systems. Similarly, the Stucx Team, known for numerous SCADA hacks, shared images from an\r\nunidentified SCADA system.\r\nAlleged screenshots from various SCADAs\r\nOctober 23, 2023\r\nAs the ongoing Israel-Palestine conflict persists across various fronts, we continue to witness daily fluctuations in\r\nactivities, but even the “cyber warriors” seem to take a breather on weekends. So, we encounter fewer incidents\r\ncompared to weekdays.\r\nIn this ongoing conflict, it’s inevitable that everyone involved becomes a potential target for hacktivists. Japan and\r\nSingapore recently joined the global players in this arena.\r\nThe GHOSTS of Palestine hacker group launched Distributed Denial-of-Service (DDoS) attacks on Japanese\r\ngovernment domains as part of their ‘#OpJapan’ campaign in response to Japan’s vote in support of Israel at the\r\nUN. 
Additionally, other pro-Palestinian hacker groups targeted Singapore. These groups include AnonGhost\r\nIndonesian from Indonesia, 4 EXPLOITATION from Malaysia, and Ghost Team. Their combined efforts\r\nresulted in a cyber attack on a theater institution in Singapore, leading to website defacement and a data leak.\r\nScreenshot of the defaced website by Pro-Palestine hacktivists\r\nOne of the important claims in recent days came from the Anonymous Algeria group. Although the hacktivist\r\ngroup said that they infiltrated Israeli police devices and accessed some sensitive files, there is not yet any\r\nevidence of the accuracy of the claims.\r\nAnonymous Algeria’s claim\r\nSouth Asian hacktivist groups continue to work together, as we saw in targeting Singaporean organizations. The\r\nCivil Aviation Authority of Israel was one of the common targets.\r\nAnonGhost Indonesian post is also forwarded by other hacktivist groups.\r\nThe Turkish hacker group Ayyıldız Tim, known for its large Twitter following, has claimed that they’ve acquired\r\nclassified military data, exercise records, and personnel details from the Israeli Ministry of Defense.\r\nNevertheless, the screenshot they posted seems to only display citizen identification information. Furthermore,\r\nsome Twitter users have pointed out that the shared data matches what was previously posted on “breachforums,”\r\ncasting doubt on the validity of the claim. This serves as a reminder that it’s wise to approach any assertions made\r\nby hacktivist groups with a measure of skepticism.\r\nAyyıldız Tim’s Twitter post\r\nOne last incident of significant importance and contention revolves around the alleged intrusion by the Yemeni\r\nhacker group R70 into the systems of the Israel Electric Corporation, effectively gaining control. 
While Yemeni\r\nhackers may find themselves on opposing sides in the Yemen-Saudi Arabia conflict regarding pro-Palestinian\r\nhacktivist groups, the concept of a shared adversary appears to be a unifying factor.\r\nR70 claims to breach Israeli energy company\r\nOctober 20, 2023\r\nWe witness day by day that the cyber field is one of the most significant fronts of the war. Israel, which makes\r\ngreat efforts in defense, is also seeking complete coverage in this field. Israel is swiftly developing a cyber defense\r\nsystem called the Cyber Dome, inspired by the Iron Dome. It uses AI to filter cyber threats and involves experts\r\nfrom government departments, including the IDF and intelligence agencies. The Israel National Cyber Directorate\r\nis leading the effort, with contributions from private entities. While initially announced in 2022, it’s apparently\r\ngaining momentum by now, due to recent events. Specific system details are yet to be disclosed.\r\nHowever, before the cyber dome is closed to Israel’s cyber lands, pro-Palestinian hacker groups will apparently\r\ncontinue sending their cyber missiles in DDoS format. Government bodies, one of the most obvious targets, have\r\nbeen subject to DDoS attacks since the first day of the war. The Israeli Ministry of Defense is at the top of these\r\ntargets.\r\nGanoSec’s Telegram post with check-host verification\r\nAfter announcing yesterday that it would take the pro-Palestinian side, ChaosSec said it would target gov[.]il, an\r\nIsraeli government website.\r\nChaosSec’s Telegram post: The main state website of Israel is going to hell\r\nUnfortunately, one area where cyber missiles fall seems to be hospitals and clinics. 
Israeli hospitals and Israeli\r\nMinistry of Health websites were again targeted by GanoSec.\r\nShared by user named Xv888 on GanoSec’s channel\r\nWeedSec, on the other hand, carried out a defacement attack on a clinic, and its effect seems to continue.\r\nWeedSec’s Telegram post with defaced website\r\nAlleged screenshots from SCADA systems continue to come from groups every day. However, sometimes, it can\r\nbe difficult to verify these images.\r\nThe Cyber Watchers’ forwarded Telegram post, breached SCADA screenshots\r\nThe Cyber Watchers group that we recently observed shared many screenshots from various Israeli SCADA\r\nsystems.\r\nThe Cyber Watchers’ Telegram post, breached SCADA screenshots\r\nIn the update we shared yesterday, we included a call for unity and common purpose for hacktivists on the\r\nAnonymous (D) channel. We may have started to see the fruits of this today. This evening, a call was made\r\non the 4 Exploitation channel to unite and attack Israel. It was also emphasized that the type of attack\r\nmade does not matter; what matters is hitting the same target.\r\n4 Exploitation’s call to hackers\r\nAs we have come to expect by now, targeting countries allied with Israel has become a classic situation. Turk\r\nHack Team (THT) targeted a US-based organization in the context of conflict and shared a major database leak.\r\nYet, one of the interesting points is that the targeted organization is a foundation called The Art Story,\r\nwhich unfortunately reveals that all kinds of institutions are potential targets.\r\nTHT’s Database leak post in a Turkish-speaking forum\r\nThe ongoing conflict between India and South Asian states extends into cyberspace, where they find themselves\r\non opposing sides of this war. 
In response to BlackDragonSec’s declaration of support for Israel, the Infinite\r\nInsight group released a retaliatory message.\r\nInfinite Insight’s answer to BlackDragonSec\r\nIn a recent update to WhatsApp, a structure similar to Telegram channels was offered to users, and hacktivist\r\ngroups also started to use it. Although WhatsApp allows participants to hide their personal information while\r\njoining the channel, a misconfigured account can expose critical personal data such as phone numbers to these\r\ngroups where hackers take part.\r\nTeam Insane Pakistan’s WhatsApp channel announcement\r\nOctober 19, 2023\r\nEven though the Israel-Palestine conflict remains relatively quiet, a few of today’s incidents are critical. Soldiers\r\nOf Solomon, a hacktivist group, claimed to have taken control of assets such as over 50 servers and security\r\ncameras in the Israeli Nevatim military area.\r\nThey then made a huge and hard-to-believe claim that they had exfiltrated 25TB of data and encrypted it with\r\nransomware. They also shared screenshots, satellite images, and security camera images from many computers\r\nand servers as proof of concept. Moreover, they added that they had also collected personnel data of Nevatim air base\r\npilots and information about their families.\r\nSoldiers Of Solomon’s Telegram post, flood continues with proof of concept images\r\nBlackSec, in collaboration with the owner of GhostSec, is directing its efforts towards more than 100 Modbus\r\nsystems. Should they achieve their objective, this attack could potentially disrupt industrial systems and other vital\r\ninfrastructures.\r\nBlackSec’s Telegram post, they added that the attacks will continue\r\nAnother issue we have become accustomed to is the targeting of pro-Israel countries. 
Dark Strom also joined this trend,\r\nthreatening all of Europe and saying that its first attack would target France.\r\nDark Strom’s Telegram post targeting France\r\nSouth Asian hacktivist groups, on the other hand, seem to spare time for Israel when they are not targeting India.\r\nIn a Telegram post, they are trying to carry out an extremely amateur attack at 9 PM Malaysian time and 4 PM\r\nIsraeli time. Attack methods consist of fraud facts, swearing, and insults.\r\nMentioned Telegram post, translated via Google\r\nAnother scheduled attack came from the IRoX Team. IRoX Team has declared cyber war against Israel and the\r\ncountries supporting Israel. The group shared their target countries (scheduled ones):\r\nOct 20: Brazil, Canada, Poland, Spain\r\nOct 25: India, United Kingdom, Australia\r\nOct 30: France, Norway, Austria, Germany\r\nIRoX Team’s cyber attack warning\r\nThe ChaosSec group, which remained silent on the issue for a long time, was one of the groups that announced\r\nthat it would take the Palestinian side.\r\nChaosSec’s Telegram post\r\nA post was shared on the Telegram channel called Anonymous (D) criticizing the fact that hacktivists sometimes\r\nconflict with each other even when they have common goals. Anonymous (D), who also uploaded a video, invites\r\npeace among hacktivists.\r\nAnonymous (D)’s Telegram post\r\nAnother piece of news that was not an action but gave insight into future actions was the reaction to US President\r\nJoe Biden’s visit to Israel, which was shared in hacktivist groups.\r\nAnonGhost’s Telegram post about the visit\r\nOn the GhostLocker Telegram channel, which we covered in an article yesterday, they shared that they thought\r\nGhostLocker worried Israel. 
It is not known how much concern it will cause in Israel, but the new RaaS model\r\nthey have introduced has the potential to start a new trend in the world of cybercrime.\r\nGhostLocker developed by Pro-Palestinian GhostSec, mentioned Telegram post\r\nOctober 18, 2023\r\nIn the aftermath of the heart-wrenching tragedy that claimed the lives of numerous civilians, the cyber world has\r\nseen many responses. However, it’s a relatively subdued day in terms of tangible actions. Naturally, it’s evident\r\nthat this tranquility may well be the precursor to more turbulent times ahead.\r\nThis situation was called “Bloody Tuesday” by pro-Palestinian groups, and Israel was condemned. However, no\r\naction plan was shared.\r\nKillNet’s Telegram Post condemning Israel\r\nPro-Palestinian groups are consistently working on expanding their numbers. The AnonGhost group is trying to\r\nbolster its ranks as part of the #OpIsrael protests, and other hacktivist organizations are disseminating this\r\nmessage.\r\nThe AnonGhost’s message shared on other Telegram channels as well\r\nThe ICC’s manifesto, which we shared yesterday, appears to be yielding results as Pakistani hacktivist factions are\r\nallegedly uniting.\r\nICC’s Telegram post with a video announcement\r\nThe Cyber Avengers group asserts that Israel’s vital infrastructure has again fallen victim to hacking, with several\r\ndistressing incidents reported in Yavne and Nahariya. The group has shared screenshots with cybersecurity\r\ncompanies, although there has been no confirmation yet.\r\nScreenshots shared by Cyber Av3ngers regarding their claim\r\nWe have witnessed hacktivists and threat actors sharing various tools and scripts to serve their cause and\r\nincrease the number of people taking action, a case we have been witnessing for days. 
A similar script is shared on\r\na Turkish-speaking hacking forum to support Palestine, but they do not hesitate to ask for a fee this time.\r\nThe post on a Turkish-speaking hacker forum\r\nOctober 17, 2023\r\nToday, hacktivists continue to share their attack methods with their followers, as we observed yesterday. For\r\ninstance, the AnonGhost group is distributing a script that helps users identify and exploit the vulnerability tracked as\r\nCVE-2023-29489. The effectiveness of this script may be questionable, but it reflects the ongoing trend of\r\ninformation sharing within the hacktivist community.\r\nAnonGhost’s Telegram post, sharing Python script for the mentioned CVE\r\nSimilarly, the ./CsCrew group regularly selects new targets and recommends Denial of Service (DoS) tools to their\r\nfollowers in their Telegram channels. They claim that these tools can bypass Cloudflare’s security measures,\r\nhighlighting hacktivist activities’ bold and audacious nature.\r\n./CsCrew shares their targets and tools daily\r\nThe Islamic Cyber Corps group issued a rallying call by releasing a jihadist manifesto, urging all Muslim\r\nhacktivists to come together, articulate their objectives, and pursue more substantial actions,\r\nemphasizing that common attacks like DDoS and defacement fall short of their aspirations.\r\nI.C.C’s statement and call to action\r\nWhile hacktivism typically revolves around causing disruptions, the convergence of such a large hacktivist\r\ncommunity is poised to generate disruptions that extend beyond the immediate horizon. 
What further underscores\r\nthe significance of this situation is the realization that not only the Israeli government and military will be in the\r\ncrosshairs, but also allied nations and occasionally even civilian infrastructure.\r\nIndia, which has been exposed to more intense hacktivism than Israel, still maintains its throne. Numerous\r\ndatabase leaks, such as the News Database India leak, are shared in South Asian hacktivist groups.\r\nSouth Asian hacktivist groups continue to target India primarily\r\nApart from India, NATO countries, which are also intense targets, frequently face disruptions. Banque Banorient\r\nFrance and German Airways websites are critical sectors and targets exposed to DDoS attacks.\r\nA bank in France was the target of DDoS attack\r\nA popular target amongst the hacktivists, German Airways\r\nWhen looking at the agendas of hacktivist groups, it sometimes seems that the issue is entirely outside of Israel,\r\nbut Israel continues to be targeted as well. Cyb3r Drag0nz Team allegedly took down the Israeli Air Force website\r\nand shared it on their Twitter accounts.\r\nCyb3r Drag0nz Team’s tweet about the alleged attack\r\nIsraeli hackers employed a noteworthy attack technique. The RedEvils group somehow gained access to the Gaza\r\nNow Telegram channel, boasting over 1 million followers, and successfully wiped out all its content. However, it\r\nappears they were unable to shut down the channel.\r\nRedEvils’ different approach to hacktivism\r\nOctober 16, 2023\r\nAs we move into the second week of the Israel-Palestine conflict, the media is increasingly flooded with sorrowful\r\nimages, and this grim reality is further amplified in the cyber world as more distressing visuals emerge. 
Cyber\r\noperations in the hacktivism landscape are rising and seem to grow like an uncontrollable avalanche.\r\nKillNet, a prominent figure in the hacktivist landscape in recent years, has remained relatively quiet regarding\r\nsignificant actions, limiting its activities to sporadic incidents and threats. However, they have recently taken a\r\nnew step by establishing an exclusive Telegram channel dedicated to engagements related to Palestine. Operating\r\nunder the name KILLNET PALESTINE, the group has publicly reaffirmed its collaboration with Anonymous\r\nSudan and declared its intention to focus its efforts on targeting Israel.\r\nKILLNET PALESTINE’s first Telegram post\r\nWhile pro-Israeli hacktivist collectives, predominantly originating from India, occasionally launch minor attacks,\r\nthey pale compared to the sheer scale of pro-Palestinian groups. The pro-Palestinian groups, which we\r\nidentify by the dozen daily, persist in conducting a diverse array of cyberattacks.\r\nA hacktivist group known as the Haghjoyan Team, boasting over 40,000 followers on Telegram, boldly asserts that\r\nthey have infected more than 5,000 Israeli citizens with malware and claims to have gained access to a staggering\r\ntwo terabytes of data.\r\nHaghjoyan’s Telegram post, screenshots posted as proof\r\nHacktivist groups are not content with just carrying out various attacks. They are trying to maximize the damage they will\r\ncause by sharing the websites in which they have detected vulnerabilities with their followers and other hacktivist groups.\r\nA list of 4300 Israeli websites with SQL injection vulnerability is shared on many Telegram\r\nchannels.\r\nOf course, the targets are not only military and government organizations. 
The Israeli mobile application called\r\nPango Car was claimed to be hacked, and while its data is shared publicly, credit card information is sold\r\nseparately. This shows that the actions taken are not always guided by ideologies.\r\nAnother group, Cyber Av3ngers, allegedly breached Orpak, a retail fuel market solutions provider in Israel. The\r\nreleased data suggests that the hackers managed to infiltrate Orpak’s internal systems.\r\nMobile Application Pango Car allegedly hacked.\r\nThe database leak of Cyber Tech Israel, held in Tel Aviv, is also shared on Telegram, but the fact that it is 2.8 MB\r\nin size and PDF format raises doubts about the leak.\r\nDatabase dump of CyberTech Global shared on Telegram\r\nAn illustration of the frequent cyberattacks we expected for NATO and its allies emerged as a Singaporean\r\nhacktivist group conducted an attack. This Hacktivist Group asserted responsibility for the takedown of the Naples\r\nInternational Airport website in Italy and declared its intent to intensify its targeting of Italy.\r\nSylhet Gang’s Telegram post about the incident\r\nOne of the countries highly targeted since the first day of the war was India due to its political agenda, and this\r\nsituation continues. Educational institutions, in particular, are frequently targeted, and sensitive data is leaked.\r\nData leak of Zakir Husain Delhi College posted on Telegram\r\nAs we previously pointed out, hacktivists aim to amplify the extent of their impact, and here’s another instance:\r\nthe creation and unveiling of a mobile application designed to coordinate diverse attacks. 
According to reports\r\nabout the app named MyOPECS, shared by Stucx Team, while it currently functions as a DDoS toolkit, it is\r\nexpected to incorporate additional features in the near future, including DNS Enumeration, Port Scanning,\r\nDirectory Busting, and Password Attacks.\r\nMyOPECS PenTest mobile application\r\nAlthough hacktivist groups can be serious threats, they lack complete organization. The hacktivist group\r\nMoroccan Ghosts apologized for hacking a target after mistaking it for an Israeli one.\r\nRawad Company’s RADIUS system was mistakenly hacked, thinking they were Israelis. As an\r\napology from us, we have closed the security loophole in the system and will help them protect their\r\ndata…\r\nOctober 13, 2023\r\nToday’s hot topic is the escalation of cyber warfare to a global scale, a development that has been gaining\r\nmomentum in recent days. Numerous pro-Palestinian organizations have initiated cyberattacks against\r\ngovernments and nations sympathetic to Israel worldwide.\r\nIt seems that South Asian hacktivists have decided to join forces with Dragonforce Malaysia and act together. Of\r\ncourse, their target will be Israel and the countries supporting it, but we can also predict that India will get a larger\r\nshare of the attacks.\r\nThe announcement shared on the channels of many South Asian hacktivist groups\r\nMysterious Team Bangladesh announced they would target all NATO countries, India and South Korea, but they\r\nadded that they excluded Turkey. The reason seems to be Turkey’s neutral approach to the conflict, and the fact that it\r\nis loved by the people of South Asia, which has a high Muslim population.\r\nMysterious Team Bangladesh’s Telegram post targeting NATO\r\nAs they previously announced, Ghost of Palestine is one of the active groups aiming to continue cyber warfare\r\nglobally. 
It seems like they will target more pro-Israel countries.\r\nGhosts of Palestine’s Telegram post threatening Israeli allies\r\nMysterious Team Bangladesh had threatened South Korea, but another South Asian hacktivist group today\r\nclaimed responsibility for the DDoS attack targeting the South Korean Ministry of Foreign Affairs.\r\nSylhet Gang brought cyber warfare to South Korea\r\nIndia continues to be targeted even more than Israel, and one of the many attacks was on Madhu Vachaspati\r\nInstitute India today.\r\nGhost of Palestine’s Telegram post about the attack\r\nStucx Team, on the other hand, not only targets Red Alert, the famous Israeli missile protection system, but also\r\nshows its followers how to do it. This system, which is of critical importance for Israel, has been one of the\r\ntop targets of hacktivists since the day the war began.\r\nStucx Team’s guide to disrupt the mail server of the Red Alert\r\nEven though KillNet announced its support for Palestine, there has been no major activity so far. But today, de facto KillNet leader KillMilk announced that he would take action with his legion of 10,000 hackers. KillNet’s\r\nmore active role may also indicate that larger cyber conflicts will occur in the coming days.\r\nKillMilk’s Telegram post\r\nOctober 12, 2023\r\nIn the ongoing Israel-Palestine conflict in the cyber world, DDoS and defacement attacks and data leaks are\r\nfrequently disseminated within hacktivist channels. However, quantifying the extent of harm inflicted on the\r\nentities they aim for remains a challenge. 
While targets like government websites, humanitarian organizations, and\r\ninfrastructure systems do experience certain disruptions, these actions typically result in no significant\r\nconsequences beyond temporary website blockages and annoyance.\r\nAlthough it does not seem to cause immediate damage, one of the events that will cause the most extensive\r\ndamage in the long term may be the leaks containing many PII.\r\nMoroccan Ghosts hacktivist group shared a dataset containing many PII and credentials.\r\nAs we discussed not long ago, Indian hacktivist factions represent the predominant share among the few groups\r\nproviding cyber support to Israel in the ongoing conflict. This scenario places India in the crosshairs of numerous\r\nhacktivist collectives, particularly those of South Asian and Pro-Palestinians. Thus, the underlying cause of this\r\nextra heightened attention is the political discord between India and South Asian nations with substantial Muslim\r\npopulations, which adds a distinctive dimension to the situation.\r\nGanosec Team threatens India in their Telegram channel\r\nSouth Asian hacktivist collective, defacement attack on National Savings Institute of India.\r\nIn parallel with the targets of physical warfare, pro-Israeli groups targeted a Lebanese governmental website and\r\ntemporarily blocked access. 
This is another indicator that the war in the cyber world has spread everywhere.\r\nIndian hacktivist’s DDoS attack on Ministryinfo[.]gov\r\nWe mentioned that ransomware groups are also starting to get involved, and today, in a channel we observed, we\r\nsaw that T.Y.G Team announced that they began ransomware attacks.\r\nT.Y.G Team’s Telegram post, “Ransomware attacks have begun…”\r\nAnother interesting point observed today offers a strange insight into the internal structure of hacktivist groups.\r\nEND SODOMA group threatens people who leave their Telegram channel.\r\nEND SODOMA’s threat\r\nOctober 11, 2023\r\nToday, the groups are carrying out attacks at an accelerating rate, and it’s noteworthy that these attacks are also\r\ndirected at various targets on a global scale.\r\nPro-Palestinian groups are targeting US and European organizations; one example is the alleged DDoS attack on the\r\nEuropean Parliament Traineeships website by a group known as Mysterious Team Bangladesh.\r\nTeam Insane Pakistan’s Telegram post, service was unavailable for a brief time\r\nCivilian targets, particularly those related to fundraising efforts, are vulnerable to attacks from both sides, as seen\r\nwhen Team UCC targeted “Defending Human Rights in Palestine.”\r\nTeam UCC’s Telegram post, Alhaq’s website was down for a brief time but continued to have access\r\nproblems throughout the day\r\nGhosts of Palestine, one of the most active hacktivist groups, has also announced its intention to target not only\r\nIsrael but also Europe and the United States.\r\nGhost Of Palestine’s Telegram post\r\nOn the pro-Israeli front, groups claim to be targeting Iran, which supports Hamas, and have shared a substantial\r\ndatabase related to The Lorestan Petrochemical Company, totaling nearly 1 GB.\r\nGaza Parking Lot Crew’s Telegram post\r\nOther significant incidents for today are as follows:\r\nAnonGhost claimed to have obtained the API key for Israel’s Red Alarm system.\r\nAnonGhost’s Telegram Post about alleged incident\r\nTeam Insane Pakistan is targeting Bank Israel with a DDoS attack.\r\nTeam Insane Pakistan’s Telegram Post and screenshot of proof\r\nSkyNet allegedly published 6.5 million people’s data from Israel.\r\nSkyNet’s Telegram post, 7zip file attached\r\nAnother prominent topic of today was the fact that posts in the context of the Israel-Palestine conflict began to be\r\nmade in hacker forums. Posts from threat actors from both sides fill trending topics. Israel Military Personnel data,\r\nIsraeli insurance company’s database, Palestine Ministry of Higher Education and Ministry of National Security\r\ncredentials and Palestine Ministry of Foreign Affairs database are a few examples.\r\nOn many hacker forums Israel-Palestine conflict-related posts and leaks are published\r\nBelow are domain names created in support of Israel in the ongoing Israel-Palestine conflict. While some of these\r\ndomains are legitimate, the majority serve the purpose of phishing.\r\nDomain names created to support Israel\r\nOctober 10, 2023\r\nAs the intensity of the conflict, which has become an official war, increases, it continues to be reflected in the\r\ncyber world similarly. As of October 10, many hacktivist groups have come back to life, and countless operations\r\nand attacks continue to be shared non-stop on Telegram channels.\r\nLast week, the International Committee of the Red Cross (ICRC) released a set of guidelines outlining rules of\r\nengagement for civilian hackers participating in conflict scenarios. However, looking at the attacks, it seems that\r\nthis call did not have much of a response. 
Civilian infrastructures and organizations are also under attack.\r\nPro-Palestinian hacktivist group END SODOMA shared a piece of code to disable Israeli alarm systems. Again,\r\naccording to the post they shared on Telegram, it seems they disrupted alerts, at least for a while.\r\nEND SODOMA’s Telegram Post, Code piece for disrupting alert systems\r\nEND SODOMA’s following post\r\nIsraeli government sites, media agencies, and military systems are the most targeted systems. The preferred attack\r\nvector is usually DDoS. Israel Space Agency was also among today’s targets.\r\nYourAnon’s Telegram Post about disruption of Israel Space Agency’s website\r\nAlthough the main target is governmental organizations, the civilian infrastructure also receives its share of\r\nattacks. Healthcare, education and water systems are governmental bodies, but they are also targets that affect\r\ncivilian life.\r\nMysterious Team Bangladesh is disrupting the governmental organizations.\r\nTeam_insane_Pakistan is targeting Israeli healthcare\r\nMany of the few pro-Israel hacktivist supporters are Indian hacktivists. In the cyber world, this situation also\r\nsparks conflicts between hacktivist groups and leads to the targeting of Indian groups.\r\nTelegram post of CYBER ERROR FORCE targeting India.\r\nIn a major attack today, SiegedSec and Anonymous Sudan teamed up and targeted Israeli Infrastructures. It seems\r\nthat their collaborations, like their operations, will continue.\r\nSiegedSec’s Telegram post\r\nThere was only one recorded attack during the day from pro-Israeli Indian hacktivists. Palestinian network devices\r\nwere targeted in the attack, in which Team UCC and Anon_Sec_101 worked together.\r\nTeam UCC’s Telegram Post, forwarded by Garuna Ops\r\nOne of the interesting events is that the conflict has also attracted the attention of ransom groups. 
Ransomed.vc is\r\ntrying to purchase access available in Iran and Gaza-affiliated countries.\r\nRansomed.vc’s Telegram post, seeking access sales\r\nTrack Dark Web Activity with SOCRadar\r\nWith SOCRadar’s Cyber Threat Intelligence and Digital Risk Protection modules, you can effortlessly keep a\r\nconstant watch on threat actor activities on every surface of the web, including Telegram channels.\r\nSOCRadar’s Digital Risk Protection module makes it simple to monitor the actions of threat actors. The Dark\r\nWeb Monitoring tab automatically provides pertinent information about products and technologies discovered\r\nwithin your digital assets. Conversely, Dark Web News shares significant updates from deep and dark web forums,\r\nsocial media platforms, and communication channels like Telegram, complete with screenshots and textual\r\ncontent.\r\nDiscover whether your data is at risk from threat actors and take steps to mitigate these risks in your digital assets.\r\nSOCRadar conducts routine internet scans to identify new Telegram groups where your company’s leaked data\r\nmay be found. Moreover, it promptly alerts you to any information related to your organization.\r\nSOCRadar, Dark Web Monitoring\r\nSource: https://socradar.io/reflections-of-the-israel-palestine-conflict-on-the-cyber-world/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY",
		"Malpedia"
	],
	"references": [
		"https://socradar.io/reflections-of-the-israel-palestine-conflict-on-the-cyber-world/"
	],
	"report_names": [
		"reflections-of-the-israel-palestine-conflict-on-the-cyber-world"
	],
	"threat_actors": [
		{
			"id": "42a6a29d-6b98-4fd6-a742-a45a0306c7b0",
			"created_at": "2022-10-25T15:50:23.710403Z",
			"updated_at": "2026-04-10T02:00:05.281246Z",
			"deleted_at": null,
			"main_name": "Silence",
			"aliases": [
				"Whisper Spider"
			],
			"source_name": "MITRE:Silence",
			"tools": [
				"Winexe",
				"SDelete"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "5484a633-c850-4380-921b-72fce1a32e72",
			"created_at": "2024-01-18T02:02:34.026014Z",
			"updated_at": "2026-04-10T02:00:04.636248Z",
			"deleted_at": null,
			"main_name": "CyberAv3ngers",
			"aliases": [],
			"source_name": "ETDA:CyberAv3ngers",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "f68778ec-e021-433b-a262-eba6a0edbb76",
			"created_at": "2023-11-17T02:00:07.591282Z",
			"updated_at": "2026-04-10T02:00:03.454381Z",
			"deleted_at": null,
			"main_name": "VulzSecTeam",
			"aliases": [
				"VulzSec"
			],
			"source_name": "MISPGALAXY:VulzSecTeam",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "e53fc09e-24cc-40d4-b38d-7e2d6dbe81d8",
			"created_at": "2023-03-17T02:01:50.851615Z",
			"updated_at": "2026-04-10T02:00:03.362605Z",
			"deleted_at": null,
			"main_name": "Anonymous Sudan",
			"aliases": [],
			"source_name": "MISPGALAXY:Anonymous Sudan",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "d85923d4-06b6-4a23-b903-c54cc854a1ed",
			"created_at": "2023-11-21T02:00:07.351342Z",
			"updated_at": "2026-04-10T02:00:03.465119Z",
			"deleted_at": null,
			"main_name": "WeedSec",
			"aliases": [],
			"source_name": "MISPGALAXY:WeedSec",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "6608b798-f92b-42af-a93f-d72800eeb3a3",
			"created_at": "2023-11-30T02:00:07.292Z",
			"updated_at": "2026-04-10T02:00:03.482199Z",
			"deleted_at": null,
			"main_name": "DragonForce",
			"aliases": [],
			"source_name": "MISPGALAXY:DragonForce",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "763f2092-2b32-4579-baf0-ada8c8bc7b43",
			"created_at": "2023-11-08T02:00:07.117517Z",
			"updated_at": "2026-04-10T02:00:03.418144Z",
			"deleted_at": null,
			"main_name": "KromSec",
			"aliases": [],
			"source_name": "MISPGALAXY:KromSec",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "93b7776d-9b37-496d-94a5-30bc36fd8800",
			"created_at": "2023-11-07T02:00:07.10019Z",
			"updated_at": "2026-04-10T02:00:03.407781Z",
			"deleted_at": null,
			"main_name": "GhostSec",
			"aliases": [
				"Ghost Security"
			],
			"source_name": "MISPGALAXY:GhostSec",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "daf2219f-08f1-44ef-9245-9a062ceff7a4",
			"created_at": "2023-11-08T02:00:07.120507Z",
			"updated_at": "2026-04-10T02:00:03.419124Z",
			"deleted_at": null,
			"main_name": "Cyber Av3ngers",
			"aliases": [],
			"source_name": "MISPGALAXY:Cyber Av3ngers",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "a3917c91-ec7d-485f-8784-bfb1b1a78359",
			"created_at": "2023-11-08T02:00:07.13872Z",
			"updated_at": "2026-04-10T02:00:03.424164Z",
			"deleted_at": null,
			"main_name": "UserSec",
			"aliases": [],
			"source_name": "MISPGALAXY:UserSec",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "843f4240-33a7-4de4-8dcf-4ff9f9a8c758",
			"created_at": "2025-07-24T02:05:00.538379Z",
			"updated_at": "2026-04-10T02:00:03.657424Z",
			"deleted_at": null,
			"main_name": "GOLD FLAME",
			"aliases": [
				"DragonForce"
			],
			"source_name": "Secureworks:GOLD FLAME",
			"tools": [
				"ADFind",
				"AnyDesk",
				"Cobalt Strike",
				"FileSeek",
				"Mimikatz",
				"SoftPerfect Network Scanner",
				"SystemBC",
				"socks.exe"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "9ff60d4d-153b-4ed5-a2f7-18a21d2fa05d",
			"created_at": "2022-10-25T16:07:23.539852Z",
			"updated_at": "2026-04-10T02:00:04.647734Z",
			"deleted_at": null,
			"main_name": "Desert Falcons",
			"aliases": [
				"APT-C-23",
				"ATK 66",
				"Arid Viper",
				"Niobium",
				"Operation Arid Viper",
				"Operation Bearded Barbie",
				"Operation Rebound",
				"Pinstripe Lightning",
				"Renegade Jackal",
				"TAG-63",
				"TAG-CT1",
				"Two-tailed Scorpion"
			],
			"source_name": "ETDA:Desert Falcons",
			"tools": [
				"AridSpy",
				"Barb(ie) Downloader",
				"BarbWire",
				"Desert Scorpion",
				"FrozenCell",
				"GlanceLove",
				"GnatSpy",
				"KasperAgent",
				"Micropsia",
				"PyMICROPSIA",
				"SpyC23",
				"Viper RAT",
				"ViperRAT",
				"VolatileVenom",
				"WinkChat",
				"android.micropsia"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "b125b5c1-1431-4880-9ab8-582a583811ea",
			"created_at": "2024-04-24T02:00:49.643067Z",
			"updated_at": "2026-04-10T02:00:05.421434Z",
			"deleted_at": null,
			"main_name": "CyberAv3ngers",
			"aliases": [
				"CyberAv3ngers",
				"Soldiers of Soloman"
			],
			"source_name": "MITRE:CyberAv3ngers",
			"tools": null,
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "b1979c55-037a-415f-b0a3-cab7933f5cd4",
			"created_at": "2024-04-24T02:00:49.561432Z",
			"updated_at": "2026-04-10T02:00:05.416794Z",
			"deleted_at": null,
			"main_name": "APT-C-23",
			"aliases": [
				"APT-C-23",
				"Arid Viper",
				"Desert Falcon",
				"TAG-63",
				"Grey Karkadann",
				"Big Bang APT",
				"Two-tailed Scorpion"
			],
			"source_name": "MITRE:APT-C-23",
			"tools": [
				"Micropsia"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "c29ed071-678d-4023-a954-7138fb534056",
			"created_at": "2023-11-05T02:00:08.079228Z",
			"updated_at": "2026-04-10T02:00:03.39948Z",
			"deleted_at": null,
			"main_name": "SiegedSec",
			"aliases": [],
			"source_name": "MISPGALAXY:SiegedSec",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "adf68b66-8287-44de-9cdc-3277508a8126",
			"created_at": "2023-11-05T02:00:08.082461Z",
			"updated_at": "2026-04-10T02:00:03.400457Z",
			"deleted_at": null,
			"main_name": "RansomVC",
			"aliases": [
				"Ransomed.vc"
			],
			"source_name": "MISPGALAXY:RansomVC",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "929d794b-0e1d-4d10-93a6-29408a527cc2",
			"created_at": "2023-01-06T13:46:38.70844Z",
			"updated_at": "2026-04-10T02:00:03.075002Z",
			"deleted_at": null,
			"main_name": "AridViper",
			"aliases": [
				"Desert Falcon",
				"Arid Viper",
				"APT-C-23",
				"Bearded Barbie",
				"Two-tailed Scorpion"
			],
			"source_name": "MISPGALAXY:AridViper",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "527e04ee-7f5f-49aa-8653-f893b43730bd",
			"created_at": "2022-10-25T16:07:24.512541Z",
			"updated_at": "2026-04-10T02:00:05.017592Z",
			"deleted_at": null,
			"main_name": "Moses Staff",
			"aliases": [
				"Abraham's Ax",
				"Cobalt Sapling",
				"DEV-0500",
				"G1009",
				"Marigold Sandstorm",
				"Vengeful Kitten",
				"White Dev 95"
			],
			"source_name": "ETDA:Moses Staff",
			"tools": [
				"DCSrv",
				"DCrSrv",
				"PyDCrypt",
				"StrifeWater",
				"StrifeWater RAT"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "bef06c82-0f51-44ba-8451-049cd4ad8a52",
			"created_at": "2023-01-06T13:46:39.325635Z",
			"updated_at": "2026-04-10T02:00:03.288171Z",
			"deleted_at": null,
			"main_name": "MosesStaff",
			"aliases": [
				"Moses Staff",
				"Marigold Sandstorm",
				"DEV-0500",
				"VENGEFUL KITTEN"
			],
			"source_name": "MISPGALAXY:MosesStaff",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "c4d0e4e1-5ad3-4455-8291-ce72a1e09e46",
			"created_at": "2022-10-27T08:27:13.055675Z",
			"updated_at": "2026-04-10T02:00:05.323068Z",
			"deleted_at": null,
			"main_name": "Moses Staff",
			"aliases": [
				"Moses Staff",
				"DEV-0500",
				"Marigold Sandstorm"
			],
			"source_name": "MITRE:Moses Staff",
			"tools": [
				"PyDCrypt",
				"PsExec",
				"DCSrv",
				"StrifeWater"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "dafc166f-0946-4870-9f6e-46ce02d2a40f",
			"created_at": "2024-11-13T13:15:31.105216Z",
			"updated_at": "2026-04-10T02:00:03.752358Z",
			"deleted_at": null,
			"main_name": "SYLHET GANG-SG",
			"aliases": [],
			"source_name": "MISPGALAXY:SYLHET GANG-SG",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "b4a6d558-3cba-499c-b58a-f15d65b7a604",
			"created_at": "2023-01-06T13:46:39.346924Z",
			"updated_at": "2026-04-10T02:00:03.295317Z",
			"deleted_at": null,
			"main_name": "Killnet",
			"aliases": [],
			"source_name": "MISPGALAXY:Killnet",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "eb5915d6-49a0-464d-9e4e-e1e2d3d31bc7",
			"created_at": "2025-03-29T02:05:20.764715Z",
			"updated_at": "2026-04-10T02:00:03.851829Z",
			"deleted_at": null,
			"main_name": "GOLD WYMAN",
			"aliases": [
				"Silence "
			],
			"source_name": "Secureworks:GOLD WYMAN",
			"tools": [
				"Silence"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "6a5293c8-2a88-4a33-927a-4a0c946dc867",
			"created_at": "2025-08-07T02:03:24.778647Z",
			"updated_at": "2026-04-10T02:00:03.647413Z",
			"deleted_at": null,
			"main_name": "COBALT SAPLING",
			"aliases": [
				"Abraham's Ax ",
				"DEV-0500",
				"Marigold Sandstorm ",
				"Moses Staff ",
				"Vengeful Kitten "
			],
			"source_name": "Secureworks:COBALT SAPLING",
			"tools": [
				"DCSrv",
				"PyDcrypt",
				"StrifeWater RAT"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "e5cad6bf-fa91-4128-ba0d-2bf3ff3c6c6b",
			"created_at": "2025-08-07T02:03:24.53077Z",
			"updated_at": "2026-04-10T02:00:03.680525Z",
			"deleted_at": null,
			"main_name": "ALUMINUM SARATOGA",
			"aliases": [
				"APT-C-23",
				"Arid Viper",
				"Desert Falcon",
				"Extreme Jackal ",
				"Gaza Cybergang",
				"Molerats ",
				"Operation DustySky ",
				"TA402"
			],
			"source_name": "Secureworks:ALUMINUM SARATOGA",
			"tools": [
				"BlackShades",
				"BrittleBush",
				"DarkComet",
				"LastConn",
				"Micropsia",
				"NimbleMamba",
				"PoisonIvy",
				"QuasarRAT",
				"XtremeRat"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "35b3e533-7483-4f07-894e-2bb3ac855207",
			"created_at": "2025-08-07T02:03:24.540035Z",
			"updated_at": "2026-04-10T02:00:03.69627Z",
			"deleted_at": null,
			"main_name": "ALUMINUM SHADYSIDE",
			"aliases": [
				"APT-C-23 ",
				"Arid Viper ",
				"Desert Falcon "
			],
			"source_name": "Secureworks:ALUMINUM SHADYSIDE",
			"tools": [
				"Micropsia",
				"SpyC23"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "e3eca3b8-5c00-4d5b-997f-61450ecd598a",
			"created_at": "2024-01-09T02:00:04.20862Z",
			"updated_at": "2026-04-10T02:00:03.513149Z",
			"deleted_at": null,
			"main_name": "Threatsec",
			"aliases": [],
			"source_name": "MISPGALAXY:Threatsec",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "6dd1a007-b914-43cb-95a9-5421ebc0866e",
			"created_at": "2023-01-06T13:46:38.541191Z",
			"updated_at": "2026-04-10T02:00:03.017696Z",
			"deleted_at": null,
			"main_name": "Ayyıldız Tim",
			"aliases": [
				"Crescent and Star"
			],
			"source_name": "MISPGALAXY:Ayyıldız Tim",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "7df4ddf9-511d-4913-8e51-7e7130639b45",
			"created_at": "2023-01-06T13:46:38.545041Z",
			"updated_at": "2026-04-10T02:00:03.018661Z",
			"deleted_at": null,
			"main_name": "TurkHackTeam",
			"aliases": [
				"Turk Hack Team"
			],
			"source_name": "MISPGALAXY:TurkHackTeam",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "88e53203-891a-46f8-9ced-81d874a271c4",
			"created_at": "2022-10-25T16:07:24.191982Z",
			"updated_at": "2026-04-10T02:00:04.895327Z",
			"deleted_at": null,
			"main_name": "Silence",
			"aliases": [
				"ATK 86",
				"Contract Crew",
				"G0091",
				"TAG-CR8",
				"TEMP.TruthTeller",
				"Whisper Spider"
			],
			"source_name": "ETDA:Silence",
			"tools": [
				"EDA",
				"EmpireDNSAgent",
				"Farse",
				"Ivoke",
				"Kikothac",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"Meterpreter",
				"ProxyBot",
				"ReconModule",
				"Silence.Downloader",
				"TiniMet",
				"TinyMet",
				"TrueBot",
				"xfs-disp.exe"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "d64de7e1-4ba3-43c4-9b69-932976b604fc",
			"created_at": "2023-11-07T02:00:07.111305Z",
			"updated_at": "2026-04-10T02:00:03.412326Z",
			"deleted_at": null,
			"main_name": "Storm-1133",
			"aliases": [],
			"source_name": "MISPGALAXY:Storm-1133",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "bc289ba8-bc61-474c-8462-a3f7179d97bb",
			"created_at": "2022-10-25T16:07:24.450609Z",
			"updated_at": "2026-04-10T02:00:04.996582Z",
			"deleted_at": null,
			"main_name": "Avalanche",
			"aliases": [],
			"source_name": "ETDA:Avalanche",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434280,
	"ts_updated_at": 1775792159,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/639c26110213dff03d52263ce98b9e3d53004f76.pdf",
		"text": "https://archive.orkl.eu/639c26110213dff03d52263ce98b9e3d53004f76.txt",
		"img": "https://archive.orkl.eu/639c26110213dff03d52263ce98b9e3d53004f76.jpg"
	}
}