Feb 15, 2024 17:00:00

Google reports that Iran is strengthening its cyber activities to form anti-Israel public opinion behind the 'Israel-Hamas War'

Google's security research team ``Threat Analysis Group (TAG)'' released a report on February 14, 2024 summarizing the overview of cyber attacks in

the Israel-Hamas war . The report highlights Iran's increasing involvement in cyberattacks targeting public opinion in Israel and the United States, as well as significant differences from the cyberattacks being carried out by Russia as part of the war in Ukraine. .

Tool of First Resort: Israel-Hamas War in Cyber
https://blog.google/technology/safety-security/tool-of-first-resort-israel-hamas-war-in-cyber/

In the report ' (PDF file) Tool of First Resort ' released this time, Google's TAG examines cyber attacks before, during and after the terrorist attack on October 7, 2023, which sparked the outbreak of war. We analyzed the trends.

As a result, pro-Israel hackers, Hamas, the Islamic fundamentalist organization that controls the Palestinian Gaza Strip, Iran, which has close ties to Hamas, and Hezbollah, the Iranian-backed Lebanese Shiite militia, It turns out that the complex battles involved are unfolding in cyberspace.

Sandra Joyce, vice president of intelligence at Mandiant, a cybersecurity company owned by Google, said: ``Notably, following the terrorist attacks by Hamas, steady cyber operations by Iranian and Hezbollah-related groups have become more intensive and 'It has become more energetic and, in particular, has become more aimed at weakening public support for the war.'

The main findings are as follows:

◆1: Iran continues to actively target Israeli and American organizations
Iran has been attacking Israel and the United States for some time, and Iran's strategy has not fundamentally changed in the wake of the Hamas attack on October 7.

Meanwhile, intensive efforts aimed at weakening both Israeli and American public support for the war have been observed in the aftermath of the attacks, including cyberattacks such as:
・Destructive attacks against major Israeli organizations.
・Information operations aimed at lowering the morale of the Israeli people, destroying trust in key institutions, and changing global public opinion toward Israel.
・Gathering information about key decision makers through a series of phishing attacks targeting users based in Israel and the United States.
・A “hack and leak operation” containing exaggerated claims of attacks on Israeli and American critical infrastructure.

A hack-and-leak operation is an attack that combines hacking and undermining the trust of the target by disclosing the data obtained. Iran has consistently emphasized the impact of cyberattacks, and there have been reports of some attempts to exaggerate the impact of attacks on less important targets.

◆2: Iran's critical infrastructure was attacked by hackers who claimed to have sprung up in response to the conflict.
In this war, both Israel and Iran have carried out cyberattacks, and in December 2023, most of Iran's gas stations were shut down due to an attack by a hacker calling himself ``Gonjeshke Darande (Meat-Eating Sparrow)''.

70% of Iran's gas stations shut down due to cyber attack, Israeli hacker claims responsibility - GIGAZINE

Iran blames Gonjeshke Darande's activities on Israel, but Google says it does not have enough evidence to support that claim.

◆3: Hamas has not become active in cyber attacks
While Iran has stepped up its cyber attacks centered on manipulating public opinion, Hamas has not shown any significant cyber activity since October 7, and conducted cyber operations in support of the October 7 attack. There was no trace of it.

Cyber espionage activities carried out by Hamas up to September 2023 include:
・Massive phishing operations to distribute malware and steal data.
・Use of mobile spyware, including Android backdoors, distributed through phishing attacks.
・Continued attacks targeting Israel, Palestine, and neighboring countries in the Middle East, as well as periodic attacks targeting the United States and Europe.

This analysis also revealed major differences from the cyber attacks carried out by Russia. Russia conducted a large-scale cyber attack just before the invasion of Ukraine on February 24, 2022, but in contrast, there was no spike in cyber attacks after the October 7 terrorist attack. did.

Additionally, while Russia coordinates cyberattacks with battlefield operations, there is no evidence of Hamas incorporating cyberattacks into its combat operations or using cyberattacks to support military operations. was.

Mr. Joyce pointed out that hack-and-leak operations and information operations are likely to remain important elements in the future, and added, ``Cyber attacks will play an important role in future large-scale armed conflicts.'' We hope the analysis and research in this report will help inform defenders around the world and provide new insights into collective defense.' said.