A masked Palestinian protester takes cover near burning tires during clashes with Israeli forces following a Gaza solidarity rally, organized by supporters of the Fatah and Hamas movements, in the West Bank city of Hebron on Oct. 13, 2023. (Credit: Hazem Bader/AFP)
Click here to read our live coverage.
On the evening of Hamas’ surprise attack on Israel Oct. 7, Israeli daily The Jerusalem Post reported a website malfunction. A group of hackers dubbing itself “Anonymous Sudan” was swift to claim responsibility for the cyber-attack via its official Telegram channel — a preferred communication platform for hackers.
The Jerusalem Post was not the only victim of these attacks. Several media websites, Israeli government entities, Palestinian internet service providers and other organizations have also fallen prey to cyberattacks since then.
While cyberattacks have been prevalent over the past decade, their frequency in the region has surged since Oct. 7. This escalation underscores the transformation of modern warfare, where the digital battleground holds as much significance as the physical terrain. Cybersecurity has become a natural domain of warfare.
“Cybersecurity has become a natural domain of warfare, and the playing field is more level compared to other areas,” said Ziad Nasrallah, a cybersecurity expert with the Oliver Wyman Group, a global management consulting firm.
The “Distributed Denial-of-Service” (DDoS) attack has been the most frequently employed tactic since the conflict’s outbreak. Its objective is to shut down a website or computer network by intentionally inundating the targeted system with an overwhelming volume of traffic.
“DDoS attacks are relatively easy to carry out, and their potential for causing significant harm is restricted,” Nasrallah said.
Cyberspace: Who are the parties to this conflict?
Anonymous Sudan first emerged in January 2023, claiming responsibility for various cyberattacks around the world, including against Twitter and Microsoft, as well as several European airports and Israel’s main airport.
Although the group claims to be Sudanese and defends the interests of its people, according to Truesec, a Swedish cybersecurity company that published an in-depth report on the subject, Anonymous Sudan appears to be a sub-group of the Russian hacking giant Killnet.
But it’s not the only group at play. Cybersecurity experts estimate that around 50 groups are launching attacks against Israel, while around 10 target Palestinian structures.
“There is greater solidarity today in coordinating attacks against Israel,” said Sarah Aoun, a cybersecurity researcher based in New York.
While all these groups share the same objective of causing harm, their structures and roles vary.
“As is common in a cyber-conflict such as this, you typically encounter three distinct categories of actors: nation-states that engage in both offensive and defensive actions, proxy groups that operate independently but receive financial backing from various organizations, and activists, who possess less power than the other two threat actors and are considerably more disorganized,” Nasrallah explained.
Although the swift proliferation of attacks and the increasing number of participating groups might imply a broader and more coordinated planning of cyberattacks, the prevalence of DDoS-type attacks since the conflict’s outbreak, which are relatively simple to execute from a technical perspective, indicates a predominant presence of activist groups among the attackers.
“Hackers operate in an environment characterized by anonymity and total distrust of others,” Aoun said. “They are generally reluctant to cooperate with each other and coordinate attacks.”
“Hackers would therefore prefer to act autonomously, seeking to participate in the attacks they come across,” Aoun added. “In this context, we can envision a kind of decentralized indirect coordination.”
How are cyberattacks evolving?
Although Israel has frequently been a target of cyberattacks in the past, Microsoft’s early October report revealed a surge in activity from a Gaza-based group known as Storm-1133. This group has been targeting Israeli organizations operating in the defense, energy and telecommunications sectors since the beginning of 2023.
According to Microsoft, Storm-1133 is believed to be acting in support of Hamas' interests.
Notably, there have been no significant computer attacks against critical infrastructure since the conflict’s outset. Israel, known as one of the world’s leading cybersecurity exporters, provides intensive cyberdefense training to its personnel during their compulsory military service, subsequently transitioning them into the private sector while maintaining their status as reservists.
But will the intensity of this episode prove to be a game-changer?
“The challenge with cyber warfare lies in the unpredictability,” Nasrallah said. “Everyone possesses a form of cyber weapon and is waiting for the right moment to deploy it or even just to test its capabilities.”
This article was originally published in French in L'Orient-Le Jour. Translation by Sahar Ghoussoub.