Over the weekend, Iran launched missile and drone attacks on Israel, retaliating for a suspected Israeli strike on its Damascus consulate that killed 13 people last week.

This escalation arises from the ongoing Israel-Iran rivalry and Israel-Palestine conflict. 

Cyber activities predated the attacks by nearly a year, starting in late March when hacktivist groups announced digital offensives against both sides following Hamas’ large-scale offensive from Gaza towards Israel in October 2023 amid intensified Israeli-Palestinian tensions. 

The tit-for-tat violence between Israel and Iranian proxies like Hamas shows no signs of decreasing.

SOCRadar observed cyber activities preceding and paralleling the physical Israel-Hamas conflict that began last year. 

Once again this week, cyber offensives foreshadowed the missile and drone attacks exchanged between Israel and Iran, demonstrating how cyber warfare often preludes and accompanies kinetic military operations.

Iran’s Attack On Israel

The cyber defense chief Gaby Portnoy of Israel indicated that the cyberattacks targeting Israel tripled since the conflict with Hamas began on October 7, driven by increased involvement from Iran, Hezbollah, and allied hackers.

While attack volumes were highest in the conflict’s initial months before tapering, certain days and events saw major spikes in activity. 

Recent weeks have witnessed an uptick in hacktivism by groups like OpIsrael and FreePalestine, reflecting the ebbs and flows of cyber offensives paralleling kinetic clashes.

A threat on Telegram urged hackers to target Israel during Jewish holidays, citing symbolism in Israeli actions.

Various groups seized on holidays and conflict dates as opportunities for coordinated cyber attacks, SOCRadar said.

While many hacktivists merely signal impending events, wittingly or not, some groups like IRGC-linked, Hezbollah-backed, Iranian APTs, and Houthi hackers had more substantive cyber impacts during the Israel-Hamas conflict. 

The allegedly state-sponsored Cyber Toufan/Cyber Toufan Al-Aqsa conducted major operations and coordinated other groups to hit similar targets simultaneously. 

After a long break, their activity resurged in early April, potentially foreshadowing the latest Israel-Iran cyber/kinetic escalation.

During the Israel-Hamas conflict, a group called Cyber Toufan Al-Aqsa, allegedly sponsored by the state carried out major operations in which it mobilized other groups to hit the same targets simultaneously.

In the start of April this year, they came back after going silent for some time.

In late March, however, IRGC-linked Cyber attackers, popular for attacking OT systems and exposed before they were sanctioned again, reappeared, telling people about an upcoming “big” thing.

They consequently took credit for a huge cyber-attack as payback for Iran’s strikes on Israel.

Cyber Av3ngers claimed responsibility for cutting electricity across “occupied territories” from south to north in retaliation for Israeli actions in Gaza. 

However, besides this, the widening scope to strike overflow targets like Saudi Arabia demonstrates how easily hacktivism can expand cyber confrontations.

Looking to Safeguard Your Company from Advanced Cyber Threats? Deploy TrustNet to Your Radar ASAP.