Analysis Summary

The ongoing conflict between Israel and Palestine has escalated into a cyberwar, with various hacktivist groups targeting critical infrastructure in nations perceived to be allies of Israel.

In March 2024, the pro-Palestinian hacktivist group Anonymous Sudan launched a DDoS attack on Etisalat Egypt causing temporary downtime for its official website. This attack followed the encryption of Etisalat UAE’s systems by the LockBit ransomware group in February. Although LockBit’s data was seized by law enforcement agencies during Operation Cronos, resulting in no data being published on their site. Etisalat UAE was given a ransom deadline of April 16, 2024, which passed without incident.

Egypt has been a significant target due to accusations of delaying humanitarian aid to Palestinian refugees. In retaliation, pro-Palestinian groups disrupted Egypt's official website and the government income tax department through cyberattacks. Similarly, Saudi Arabia’s increased arrests of anti-Israel voices led to attacks on its critical infrastructure. Notably, Anonymous Collective executed a DDoS attack on a Saudi electricity company causing temporary disruptions.

On May 10, TEAM1916, an Afghan group, conducted a DDoS attack on Dubai’s official website, further illustrating the widespread impact of these hacktivist activities. Investigations revealed that Egypt’s infrastructure remains vulnerable to ongoing attacks believed to be responses to its political stance on humanitarian aid. Evidence was also found on dark web forums of a user seeking access to Etisalat UAE systems. These findings underscore the persistent threat faced by regional infrastructures from hacktivist groups.

A comprehensive list of hacktivist groups involved in attacks against the UAE, Saudi Arabia, and other allies of Israel includes Anonymous Egypt, Keymous +, Anonymous Collective, Anonymous Arabia, SYLHET GANG-SG, BhinnekaSec1337, TEAM1916, AzzaSec, LulzSec Indonesia, Fanatix Legion, Pro-Palestine Hackers Movement (PPHM), Anonymous Sudan, Lulzsec Muslim, T.Y.G Team, and Revil. These groups employ DDoS attacks, defacement, data leaks, and ransomware, to disrupt and damage their targets.

The cyber landscape amid the Israel-Palestine conflict is dynamic and fraught with threats. Hacktivist groups are significantly impacting digital infrastructure through a range of malicious activities. While some groups aim to support political causes, others like LockBit exploit the situation for financial gains. To mitigate these evolving threats, continuous vigilance and robust cybersecurity measures are imperative for the nations involved.

Impact

• Denial of Service
• Exposure of Sensitive Data
• Operational Disruption
• Reputational Damage
• Financial Loss

Remediation

• Implement multi-factor authentication (MFA) on all accounts to add an extra layer of security to login processes.
• Consider the use of phishing-resistant authenticators to further enhance security. These types of authenticators are designed to resist phishing attempts and provide additional protection against social engineering attacks.
• Regularly monitor network activity for any unusual behavior, as this may indicate that a cyberattack is underway.
• Organizations need to stay vigilant and follow best practices for cybersecurity to protect their systems and data from potential threats. This includes regularly updating software and implementing strong access controls and monitoring tools.
• Develop a comprehensive incident response plan to respond effectively in case of a security breach or data leakage.
• Maintain regular backups of critical data and systems to ensure data recovery in case of a security incident.
• Adhere to security best practices, including the principle of least privilege, and ensure that users and applications have only the necessary permissions.
• Establish a robust patch management process to ensure that security patches are evaluated, tested, and applied promptly.
• Conduct security audits and assessments to evaluate the overall security posture of your systems and networks.
• Implement network segmentation to contain and isolate potential threats to limit their impact on critical systems.
• Never trust or open links and attachments received from unknown sources/senders.