At a glance.
- Hacktivism and influence operations in the Middle East.
- Cyber sparring in Russia's hybrid war.
- RomCom backdoor used against Brussels conference.
- WinRAR exploitation.
- Cyberespionage in the Middle East (OilRig) and East Asia (BloodAlchemy).
- Cisco IOS XE zero-day exploited.
Hacktivism and influence operations in the Hamas-Israel war.
Cyber operations in the Hamas-Israel war continue to be characterized by a high volume of opportunistic, nuisance-level hacktivism. Bloomberg describes a surge in hacktivism, some of it a genuine grassroots phenomenon, some of it conducted by state-directed auxiliaries and front groups. A significant number of the front groups appear to be run from Iran.
An example of narratives competing for influence in the same space has been on prominent display with respect to damage to a Gaza hospital. Each side has accused the other of a strike against the Al Ahli Hospital, with Hamas calling it an Israeli airstrike and Israel calling it a malfunctioning rocket launched toward Israel by Palestinian Islamic Jihad. Evidence increasingly points to the latter. The US National Security Council tweeted its evaluation of the Al Ahli Hospital incident: "While we continue to collect information, our current assessment, based on analysis of overhead imagery, intercepts, and open source information, is that Israel is not responsible for the explosion at the hospital in Gaza yesterday." The Israel Defense Forces (IDF) have released an intercepted conversation between Hamas operatives discussing the incident and attributing it to the failure of a Palestinian Islamic Jihad rocket. The Telegraph has an overview of the evidence suggesting that the destruction was caused by a failed rocket launch. Casualty estimates also seem to be dropping: Gaza authorities had published a death toll of more than 500, but the visible damage to the hospital seems to render that count implausible.
Hamas's claims that the explosion was due to an Israeli airstrike, however, continue to be generally accepted and circulated in Islamist and wider Arab circles, where they've driven widespread protests this week. Most of the hacktivism in the conflict has been conducted in the interest of Hamas.
ZeroFox has a useful account of the ways in which misinformation (false claims made without malicious intent) and disinformation (intentional lies told with a political purpose) are unfolding in the current war. Some of the disinformation originates from third parties to the conflict. "ZeroFox intel has identified a notable uptick in anti-Palestinian disinformation from seemingly Indian accounts and anti-Israel disinformation from seemingly pro-Russian accounts."
Where are false or dubious claims concentrated? The DFR Lab reports that pro-Israeli accounts (especially English-language ones) have tended to show a preference for X (the platform formerly known as Twitter), despite X's recent difficulties with its hosting of pro-Hamas posts. Hamas-linked accounts have gravitated to Telegram. Much amplification of disinformation is achieved through accounts that impersonate trusted sources.
Hacktivist auxiliaries' operations tend to resemble one another.
ComputerWeekly observes that pro-Hamas hacktivism has followed a pattern established during Russia's war against Ukraine, concentrating on website defacements. The piece also notes that hacktivism in the war between Hamas and Israel has been relatively one-sided, with very few cyberattacks against Palestinian sites. The attacks have for the most part not risen above the level of a nuisance, and the concentration on defacements seems more opportunistic than strategic, more a matter of capability than of imitation. A Cambridge University researcher who has studied the conduct of the war told ComputerWeekly, "Lots of people talk up the idea that hacktivists could make a big difference in combat. What we are seeing in both the Ukraine work and the work now in Hamas is that this is over-egged. You do see some civilian activism around war outbreaks but it's so low grade as to be of no security concern."
There are some differences. The hacktivism on display in the Hamas-Israel war is less disciplined, and less susceptible to state control, than that observed in the hybrid war between Russia and Ukraine. Axios writes, "The war between Israel and Hamas is reminding governments just how difficult it is to control politically motivated hacking groups...Politically motivated hackers (also known as hacktivists) often target state-backed organizations and groups in an effort to complicate war efforts." Targeting is complicated, and freelancing makes it even more so. To take just one example, an attack that takes, say, a government service offline might inadvertently interfere with intelligence collection efforts already underway against that service.