Pierluigi Paganini October 09, 2023

Microsoft linked a Gaza-based threat actor tracked as Storm-1133 to a series of attacks aimed at private organizations in Israel.

The fourth annual Digital Defense Report published by Microsoft linked a series of attacks against organizations in Israel to a Gaza-based threat actor that is tracking the campaign as Storm-1133.

The Storm-1133 activity was observed in early 2023 and is targeting Israeli private-sector energy, defense, and telecommunications organizations.

“We assess this group works to further the interests of Hamas, a Sunni militant group that is the de facto governing authority in the Gaza Strip, as activity attributed to it has largely affected organizations perceived as hostile to Hamas.” reads the report published by Microsoft. “Targets have included organizations in the Israeli energy and defense sectors and entities loyal to Fatah, the dominant Palestinian political faction in the West Bank, which were historically targets of Hamas cyberattacks.”

Threat actors behind Storm-1133 sent out spear-phishing messages via email and social media, Microsoft also observed the use of new techniques to evade detection. The threat actors employed multiple backdoors and hosted their C2 infrastructure on Google Drive.

“Storm-1133 also used newly created LinkedIn profiles—masquerading as Israeli human resources managers, project coordinators, and software developers to conduct reconnaissance, contact and send malware to employees at Israeli defense, space, and technology organizations throughout 2023.” states the report.

While the Hamas group was launching a massive attack against Israel, multiple Pro-Palestine hackers launched cyber attacks against organizations in the country.

The Jerusalem Post was hit by multiple cyberattacks that caused the site to crash.

Most of the attacks are distributed denial-of-service (DDoS) attacks and also targeted critical Israeli infrastructure.

“Over 35 pro-Palestine hacking groups have commenced a series of attacks on diverse targets within Israel.” reported The Cyber Express. “These groups, while advocating for Palestinian interests, remain shrouded in mystery, their exact numbers and identities are yet to be verified.”

Below is the list of hacker groups involved in the Israel-Palestine war: 

The Pro-Russia group Killnet also announced a series of attacks against Israel with the support of another group known as ‘Usersec.’ The Pro-Russia hackers launched their attacks against Israel’s banking and power sectors, however the group excludes the possibility of attacking the critical infrastructure in Israel.

Below is the message published on the Telegram channel of the group:

“If we oppose the Israeli government, this does not mean that we are going against ordinary citizens of this country. The Israeli regime sold itself to the NATO whore, the same main terrorist, with the slogan of PEACE and DEFENSE!

The atrocities that Hamas or Israel commit against civilians are terrible! We exclude the possibility of attacking the critical infrastructure of both sides! Our goal is the pro-NATO government of Israel (believe me, there are not many of them left anymore)!

Our brothers and sisters are all civilians and peaceful residents of Israel!

We call on you to stop the bloodshed on both sides! If you want war, there are thousands of kilometers of emptiness around you, fight there. Civilians of Gaza and Israel do not have the right to give their lives for the sake of bastards from Europe.”

The hacker group Anonymous Sudan, which is a Pro-Russia group not linked to Anonymous, has announced its support to Hamas on Telegram.

The group hit The Jerusalem Post website and claimed to have targeted Israel’s Iron Dome and the Israeli Alerting system.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Israel)