At a glance.
- Cyber operations in Hamas's war.
- Not all influence operations involve disinformation.
- Cryptocurrency as a source of Hamas funding.
- Russian hacktivist auxiliaries shift their focus from Ukraine to Gaza and Israel.
- Novel DDoS attack: Rapid Reset.
- Resurgent credential phishing campaign.
- Patch Tuesday overview.
Cyber operations in Hamas's war.
Hacktivists (and hacktivist auxiliaries) who've joined the war Hamas began against Israel Saturday have claimed widespread and substantial damage to important systems, but so far their activities haven't extended much farther than familiar distributed denial-of-service operations and site defacements. Claims of attacks against, for example, electrical power distribution, seem to be for the most part attention-getting brag. AnonGhost's compromise of the RedAlert app, designed to send attack warnings to smart phones, seems the most consequential of the cyber operations so far. Reuters summarizes the current state of hacktivist action in the war so far.
Most of the hacktivism has been conducted in the interest of Hamas, but at least one Israeli group--either a front group or a hacktivist auxiliary--has reemerged to take a role in the conflict. Predatory Sparrow, known for operations against Iran, has been observed probing Iranian sites and posting warning messages, CyberScoop reports. "You think this is scary?" the messaging said, in Farsi. "We're back. We hope you're followng the events in Gaza." Iran has long been Hamas's patron, and is widely suspected of having provided both planning and logistical support to the Hamas operation.
Many have asked how Hamas achieved operational surprise Saturday. The reasons are complex, but some of the success must be charged to effective operations security. Hamas evaded Israeli cyber and electronic collection by simply "going dark," as Bloomberg puts it. They stayed off their devices and conducted business face-to-face in small cells.
Not all influence operations involve disinformation.
The most prominent cyber phases of the war so far have been influence operations, many of them conducted on behalf of Hamas, or of serving interests only tangentially related to the war. An example of the latter is the Russian narrative falsely asserting that Ukraine had supplied Hamas. Other bogus reports appearing online have included posting and mislabeling of old video and even video from online games as representing breaking events in the war.
Much of the influence doesn't involve disinformation. The New York Times has an overview of how Hamas has posted, often to X, the platform formerly known as Twitter, images of its atrocities against civilian victims in Israel. These are intended as both expressions of triumph and as incitement to further atrocities. X has been widely criticized for its failure to screen, filter, rate, or otherwise effectively moderate content. Changes to X's content moderation policies have, CNN reports, more-or-less adopted celebrity as a standard of newsworthiness, and largely abandoned attempts to expose coordinated inauthenticity. A European commissioner has written X to warn the platform that its failures in this respect may constitute a violation of the European Union's Digital Services Act (DSA).