Pro-Palestine hacktivist groups are very likely to intensify DDoS attacks against organisations in Israel, and those with links to Israel in the coming weeks.
This assessment was issued to clients of Dragonfly’s Security Intelligence & Analysis Service (SIAS) on 21 March 2024.
- These groups will probably be motivated by a looming ground operation in Rafah and other upcoming significant dates for Palestinians, including Land Day on 30 March
- Government services, energy, banking, finance and telecoms would be their priority targets
Pro-Palestine hacktivist groups are highly likely to significantly ramp up DDoS attacks on organisations in Israel, and those with perceived links to Israel globally in the coming weeks. Many groups already do so on a near-daily basis. This is as Israel appears to be preparing for a ground operation in Rafah, Gaza’s southernmost city. Hacktivists will also probably intensify operations ahead of multiple significant dates for Palestinians. The combination of these will probably drive a sustained campaign in the coming weeks. This would involve DDoS attacks against government, energy, telecoms and finance firms, particularly in Israel and the US.
Responding to key dates and developments
Hacktivists will probably be motivated to target Israeli organisations in response to a looming ground operation in Rafah. We assess Israel is highly intent on pressing ahead with that operation in the coming weeks. Since the start of the Gaza war in October last year, there have been surges of hacktivism in response to developments in war and the wider region. These have included high-casualty incidents in Gaza and Western military strikes against the Houthis in Yemen. And some hacktivists have threatened retaliatory campaigns on their Telegram channels in recent weeks.
These groups also appear to be preparing for a ‘campaign’ against Israel, starting on 7 April, according to messages on their Telegram channels. This is an annual days-long campaign by pro-Palestine hacktivist groups targeting Israel that usually starts around the same time every year. But operations will almost certainly be more intense this year due to the Gaza war, and the emergence of new pro-Palestine groups since. Other probable flashpoints include Land Day on 30 March and Nakba Day on 15 May. Hacktivists are often motivated by dates of political or religious importance.
Priority targets include energy and telecoms
Israeli organisations and those of countries perceived to support its campaign in Gaza remain their main targets. These have been the focus of frequent hacktivist campaigns in recent months. On 20 March, for example, the group ‘LulzSec Muslims’ claimed to have taken down the France 24 News website, and the day before said that ‘everything that supports the Zionists will see woe’. Such groups have also targeted firms in Australia, Canada, the US and the UK, among others, in recent months.
Hacktivists seem to prioritise targeting government agencies and some commercial sectors, including aviation, defence, energy, telecoms, and finance. Such groups are also likely to target specific organisations they view as supporting Israel, or who have investments there. This has often correlated with firms that feature on prominent boycott lists, such as the BDS movement. We have seen a decline in the number of operations against companies on these lists in the past few months; we are not clear why this is the case, but it may simply reflect hacktivist fatigue.
DDoS attacks most likely tactic
Most hacktivists will likely continue to mount mainly DDoS or website defacement attacks on target websites, based on our monitoring of their channels. These DDoS attacks tend to temporarily limit access to websites. Most groups do not appear to have the capabilities to mount more disruptive operations. Some hacktivists have also claimed to have conducted hack-and-leak operations, but we have been unable to verify many of these claims.
There is a notable exception, however. Anonymous Sudan is also likely to contribute to pro-Palestine campaigns and has proven more capable. In recent weeks it has focused on conducting DDoS operations on critical infrastructure in Africa and the Middle East but has previously targeted telecommunications firms in Israel. This caused some disruption to mobile networks in January, according to internet tracker NetBlocks. The group also disrupted platforms such as ChatGPT and Microsoft365 last year. Priorities for the group would probably be telecoms or media firms, based on targeting patterns in recent months.
Image: Demonstrators chant slogans near the Israeli Embassy to show solidarity with the Palestinians of the Gaza Strip in Amman, Jordan, on 20 October 2023. Photo by Khalil Mazraawi/AFP via Getty Images.