At a glance.
- Disinformation in the war between Hamas and Israel.
- Hacktivism in Hamas's campaign against Israel.
- Russian hacktivist auxiliaries conduct DDoS attacks against Israeli sites.
- KillNet and the IT Army of Ukraine say they'll follow ICRC guidelines.
- The current state of DPRK cyber operations.
- Grayling cyberespionage group active against Taiwan.
- Magecart campaign abuses 404 pages.
- Breach reported at 23andMe.
- Voter records in Washington, DC, compromised.
- CISOs and their willingness to pay ransom.
- Patch Tuesday.
Disinformation in the war between Hamas and Israel.
The war that intensified Saturday with major attacks into Israel by Hamas has been accompanied by extensive disinformation, some of it directed by authorities (for the most part Hamas and governments sympathetic to Hamas) but much of it also spontaneously posted, especially on X, the platform formerly known as Twitter, but on other platforms as well. TikTok (where, for example, footage from video games has been presented as video of Israeli airstrikes) and Telegraph (where, for example, unverified and often false claims of successful cyberattacks have proliferated) have been prominent among those other platforms. But X seems to have been particularly receptive to disinformation, in part because the sale of blue checks has eroded such filters as media outlets had once imperfectly but usefully provided: it's now more difficult to determine which reports originate from organizations that vet their reporting. X has also tended to promote inflammatory false information, amplifying it because such content generates engagement. And the platform's influencer culture gives careless influencers outsized clout with users.
Hacktivism and state action in Hamas's campaign against Israel.
"At least 15 known cybercriminal, ransomware, and hacktivist groups," by the Register's count, "have announced their active participation in disruptive attacks targeting institutions in Israel and Palestine." International supporters of both parties to the conflict are also coming under cyberattack. Some of the groups have long been aligned with Hamas, others with Israel, and still others are ramping up operations against a long-term enemy whose support for Israel or Hamas serves as either pretext or provocation. While most of the activity has been familiar distributed denial-of-service (DDoS) or nuisance-level defacement, some of it, SecurityWeek reports, has targeted infrastructure (especially electrical power distribution) and military command-and-control (especially Israeli Iron Dome anti-rocket systems). It seems the attempts against infrastructure and C2 have so far had limited effect. According to HackRead, one pro-Hamas group, AnonGhost, seems to have been able to exploit a vulnerability in the Israeli Red Alert civil defense app to transmit false warnings of missile strikes.
Group-IB has been following both sides' hacktivist activity, and ReliaQuest has published a useful overview of the conflict in cyberspace, along with some brief recommendations for actions organizations can take during what should be a period of heightened alert. That said, US NSA cybersecurity director Rob Joyce commented yesterday that the cyber phases of the war have so far been largely confined to nuisance-level hacktivism. “But we’re not yet seeing real [nation] state malicious actors,” the Wall Street Journal quotes Joyce as saying. Israel has taken action against Hamas funding, seizing Hamas-linked Binance cryptocurrency accounts, Financial Magnates reports. Israel has also worked with British authorities to freeze at least one Barclays account linked to Hamas fundraising.
Russian hacktivist auxiliaries conduct DDoS attacks against Israeli sites.
Among the hacktivist groups that have rallied to support Hamas in its current attack against Israel are two familiar Russian auxiliaries, KillNet and Anonymous Sudan. When the Israeli government service site gov[dot]il was knocked offline over the weekend (it was back in operation Monday), KillNet claimed credit and counted coup. "Israeli government, you are responsible for this bloodshed. Back in 2022, you supported the terrorist regime in Ukraine," Cybernews quotes a KillNet Telegram post. "You betrayed Russia. Today, Killnet officially informs you of this! All government systems of Israel will be subject to our attacks!" Anonymous Sudan claimed responsibility for the Red Alert hack.
KillNet and the IT Army of Ukraine say they'll follow ICRC guidelines.
The BBC reports that prominent and opposing hacktivist auxiliaries stated over the weekend that they intended to abide by the guidelines officials of the International Committee of the Red Cross (ICRC) recommended last week. Russia's KillNet and the IT Army of Ukraine both said that they intended to follow rules that would clarify the extension of international humanitarian law to activities in cyberspace. The guidelines aim principally at protecting civilians and civilian infrastructure from harm. See CyberWire Pro for an extended consideration of the ICRC's recommendations.