Hamas is using social engineering cyberattacks to monitor Israeli civilians, Tech Monitor has been told. It is thought the militant group is using the phones of Israeli hostages held captive in Gaza to access and monitor online communities set up in the wake of its surprise attacks last weekend.
Other successful cyberattacks on Israel’s infrastructure include hacking the Red Alert emergency alert system, which warns citizens of bombing in the area, and a DDoS attack on the Jerusalem Post newspaper.
This cyber warfare has coincided with Hamas executing an attack on Israel which has left more than 1,200 people dead and more than 150 taken hostage. Israeli President Benjamin Netanyahu says his nation is now “at war” with Hamas, and retaliatory air strikes on targets in Gaza have killed more than 500 people.
Hamas social engineering attacks may be linked to surveillance
Social engineering attacks, some of which may be directly linked to surveillance attempts on the part of Hamas, are plaguing citizens on the ground in Israel, explains Michael Yehoshua, a Tel Aviv resident who works at cybersecurity vendor HolistiCyber.
“I’ve been invited to over 20 groups for providing humanitarian aid or aid in decrypting enemy messages,” he says. “Most of these groups are monitored by Hamas. They are using the phones of the captives to enter these groups and to monitor them.”
Yehoshua says Hamas “penetrated the groups because they have the phones of the kidnapped or dead,” adding: “They also connect to the new groups that have been established for aid, and they gather intelligence through this.”
Phishing campaigns are also being launched to try to exploit the conflict, according to a report by cloud security platform IronScales. It cites one such attempt found in the wild, which is an email with the subject heading: “Concern and well-wishes from Israel”.
The email appears innocuous but the cybersecurity company’s AI determined that the link in the body of the email is malicious. “Variations of these phishing attempts were sent to many of our Israeli-based employees,” the IronScales report says.
Disinformation attempts online appear to be coordinated, agrees Allan Liska, of security company Recorded Future. “What we are seeing is digital disruption and misinformation,” he says. “There have been a ton of examples of people sharing things online like videos of atrocities that turn out to be a screen grab of a video game, or reused footage from five or ten years ago. A lot of this appears to be coordinated disinformation.”
Other cyberattacks targeting Israel
Another cyberattack targeting Israeli citizens saw hacktivism gang AnonGhost exploit an API vulnerability in the Red Alert application, which provides real-time rocket alerts for Israelis.
Group-IB Threat Intelligence (@GroupIB_TI) posted on October 9, 2023: “On Sunday, #AnonGhost, a well-known #hacktivist group, exploited an API vulnerability in the #RedAlert app, that provides real-time rocket alerts for Israelis. In their exploit, they successfully intercepted requests, exposed vulnerable servers and APIs, and employed Python…”
The hackers also dispatched fake messages about a “nuclear bomb”, according to researchers at security company Group-IB.
Israel’s biggest newspaper, the Jerusalem Post, has been the subject of a huge distributed denial of service (DDoS) attack that disabled its website for more than 24 hours, though its website had been restored on Wednesday morning. This attack has been claimed by hacktivism gang Anonymous Sudan on its Telegram channel.