Pierluigi Paganini
October 11, 2023
Amidst the outbreak of war on the Gaza Strip last weekend, Resecurity (Los Angeles-based cybersecurity company protecting Fortune 100) has identified multiple cyber-threat actors staging online psychological operations (PSYOPs) campaigns to manipulate public opinion regarding the escalating Israeli-Palestinian conflict. PSYOPs are weaponized influence campaigns that transmit selective information and facts to manipulate public opinion.
While some PSYOP conspirators completely fabricate narratives and amplify them through low-authority, but high-exposure accounts on social media, the majority beguile audiences through lies of omission. Resecurity identified various malign, Gaza-nexus actors and their geopolitically coordinated PSYOP campaigns via the collection of cyber threat intelligence (CTI) from the Dark Web and multi-dimensional OSINT sources.
Resecurity observed most of these threat actors masquerading as hacktivists or self-styled “cybersecurity journalists,” while promoting their distorted narratives on the Telegram messenger application. The questions that emerge are: Who is behind this activity and who is profiting from it? Determining the answers to these questions poses two significant riddles to the international Intelligence Community (IC).
In the context of the rapidly evolving war between Israel and Hamas, it is notable that some of this malign PSYOP activity began to accelerate the week before Palestinian militants struck.
Threat actors operating under the guise of hacktivists launched the coordinated PSYOPs campaigns, #OpIsrael and #FreePalestine, on September 23, with their corresponding execution target dates both set for September 30.
One notable threat actor identified by Resecurity’s HUNTER (HUMINT) unit uses the handle, “Mr.Dempsey,” on Telegram. Mr.Dempsey has planted their previous anti-Israel messaging campaigns in TG channels that purport to have some affiliation with the infamous Anonymous hacktivist collective. In these channels, community admins have recently been observed recruiting other hacktivist groups to launch attacks against Israel.
Resecurity also observed ‘Mr.Dempsey’ launching online campaigns that promote narratives adversarial to the Saudi Arabian government, #OpSaudiArabia and #FreeSaudiArabia.
Other hacktivist groups that Resecurity observed engaging in Gaza-nexus PSYOPs activity include Anonymous Sudan, Killnet, Legion (Cyber Spetsnaz), and Systemadminbd Spy Agents. Resecurity also identified the use of one malicious Telegram channel impersonating the official TG portal of high-authority Israeli media outlet Yedioth Ahronoth to spread anti-Israel propaganda.
Lastly, Resecurity identified several episodes of the same PSYOP involving fake data leak publications related to Israel Defense Forces (IDF) soldier data as well as claims of stolen data from Israeli intelligence agencies including Mossad and Shin Bet on the cybercriminal forums – in fact, none of those leaks actually took place on practice according to researchers. In this threat environment, geopolitical hostilities are increasingly being reflected in cyberspace. Yet attributing various PSYOPs campaigns to their ultimate intellectual authors remains a daunting challenge for the IC.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Gaza)
