At a glance.
- Disinformation in the war between Hamas and Israel.
- Hacktivism and state action in Hamas's campaign against Israel.
- International hacktivists join the cyber conflict.
- Novel DDoS attack: Rapid Reset.
- The current state of DPRK cyber operations.
- Storm-0062 exploits Atlassian 0-day.
- Grayling cyberespionage group active against Taiwan.
- Magecart campaign abuses 404 pages.
- CISA releases two new resources against ransomware.
Disinformation in the war between Hamas and Israel.
The war that intensified Saturday with major attacks into Israel by Hamas has been accompanied by extensive disinformation, some of it directed by authorities (for the most part Hamas and governments sympathetic to Hamas) but much of it also spontaneously posted, especially on X, the platform formerly known as Twitter, but on other platforms as well. TikTok (where, for example, footage from video games has been presented as video of Israeli airstrikes) and Telegraph (where, for example, unverified and often false claims of successful cyberattacks have proliferated) have been prominent among those other platforms. But Twitter seems to have been particularly receptive to disinformation, in part because the sale of blue checks has eroded the filters that media outlets had once imperfectly but usefully provided: it's now more difficult to determine which reports originate from organizations that vet their reporting. X has also tended to promote inflammatory false information, amplifying it because such content generates engagement. And the platform's influencer culture gives careless influencers outsized clout with users.
But much of the influence being pushed doesn't involve disinformation proper. The New York Times has an overview of how Hamas has posted, often to X, images of its atrocities against civilian victims in Israel. These are intended both as expressions of triumph and as incitement to further atrocities. X has been widely criticized for its failure to screen, filter, rate, or otherwise effectively moderate content. Changes to X's content moderation policies have, CNN reports, more-or-less adopted celebrity as a standard of newsworthiness, and largely abandoned attempts to expose coordinated inauthenticity. A European commissioner has written to X to warn the platform that its failures in this respect may constitute a violation of the European Union's Digital Services Act (DSA).
Hacktivism and state action in Hamas's campaign against Israel.
"At least 15 known cybercriminal, ransomware, and hacktivist groups," by the Register's count, "have announced their active participation in disruptive attacks targeting institutions in Israel and Palestine." International supporters of both parties to the conflict are also coming under cyberattack. Some of the groups have long been aligned with Hamas, others with Israel, and still others are ramping up operations against a long-term enemy whose support for Israel or Hamas serves as either pretext or provocation. While most of the activity has been familiar distributed denial-of-service (DDoS) or nuisance-level defacement, some of it has targeted, SecurityWeek reports, infrastructure (especially electrical power distribution) and military command-and-control (especially Israeli Iron Dome anti-rocket systems). It seems the attempts against infrastructure and C2 have so far had limited effect. According to HackRead, one pro-Hamas group, AnonGhost, seems to have been able to exploit a vulnerability in the Israeli Red Alert civil defense app to transmit false warnings of missile strikes.
Group-IB has been following both sides' hacktivist activity, and ReliaQuest has published a useful overview of the conflict in cyberspace, along with some brief recommendations for actions organizations can take during what should be a period of heightened alert. That said, US NSA cybersecurity director Rob Joyce commented that the cyber phases of the war have so far been largely confined to nuisance-level hacktivism. “But we’re not yet seeing real [nation] state malicious actors,” the Wall Street Journal quotes Joyce as saying. Israel has taken action against Hamas funding, seizing Hamas-linked Binance cryptocurrency accounts, Financial Magnates reports. Israel has also worked with British authorities to freeze at least one Barclays account linked to Hamas fundraising.