Over 15 cyber attack groups affiliated with Iran, Hezbollah or Hamas are operating against Israel, says National Cyber Directorate
Over 15 cyber attack groups affiliated with Iran, Hezbollah or Hamas are operating against Israel, says National Cyber Directorate
According to a report published by the National Cyber Directorate summarizing the cyber events since the beginning of the war, their main targets include academia, healthcare, water, energy, fuel, transportation and maritime shipping sectors
Over 15 groups associated with Iran, Hezbollah, or Hamas have been engaged in cyber attacks against Israel since 7/10, according to a report published by Israel’s National Cyber Directorate. The report, which summarizes the main cyber attacks of the last two and a half months, notes that most of these groups share intelligence, methods, and tools with each other.
Principal targets of the attacks have included healthcare organizations, and the water, academia, energy, fuel supply, transportation, and maritime shipping sectors, as well as organizations that serve as concentration points for activities of other groups (e.g., digital service providers). "These organizations sometimes provide services such as shared applications across sectors. The common feature when targeting them is the potential for widespread impact on other organizations in the sector or those relying on the services of the attacked organization," the report says.
The Directorate has also identified a change in the goals of the attacks, shifting from espionage and information theft at the beginning of the war to inflicting damage in this stage of the conflict. The cyber attacks have also been similar to other conflicts, such as the Russia-Ukraine war, particularly the use of psychological warfare and of ransomware which blocks access to the victim's data once it is stolen unless a ransom is paid.
"The choice of ransomware as an attack tool is not surprising and is even natural at a time when psychological warfare is a significant part of the campaign," the report states. "The chaos that occurs after a ransomware attack achieves its goals. These are simple devices, accessible to the average user and don’t require extensive technological knowledge to implement."
Another focus of the report is the efforts to disrupt Hamas’ fundraising system, which relies heavily on cryptocurrency. "Hamas, like other terrorist organizations around the world, turned to cryptocurrency to make it more difficult to block its funding sources, especially from Iran. The transition to crypto helped Hamas to receive a lot of money from Iran in the past two years," explained the Directorate. "Initially, Hamas used crypto to receive small donations from supporters worldwide, but soon moved to extensive crowdfunding campaigns also through social networks, raising millions of dollars. These funds are used, among other things, to purchase weapons and finance other terror activities."
Israeli security organizations have already identified and seized crypto wallets containing currencies such as Bitcoin, Ethereum, and Tron worth tens of millions of dollars. "The National Cyber Directorate has been a partner in the economic campaign from the beginning of the war. As part of this campaign, we have developed technological tools and methods which enabled the detection of numerous terror funding campaigns, worth millions of dollars. These tools are deployed on a wide range of platforms on which terrorist organization’s fundraisers operate, with an emphasis on crowdfunding platforms, social networks, and more."