Amid the Israel-Palestine conflict, Microsoft released its fourth annual Digital Defense Report with details of a cyber attack on Israel. The report suggests that a Gaza-based threat actor has been linked to a number of cyber attacks aimed at Israeli private-sector energy, defense, and telecommunications organizations. Entities loyal to Fatah are also being targeted. Fatah is a Palestinian nationalist and social democratic political party headquartered in the West Bank region. Microsoft is tracking the cyber campaign under the name Storm-1133.

Moreover, the company mentioned that Storm-1133 is also trying to penetrate third-party organizations that have any public ties to Israeli targets of interest. These hacks are designed to deploy backdoors, along with a configuration that enables the group to dynamically update the command-and-control (C2) infrastructure hosted on Google Drive.

“We assess this group works to further the interests of Hamas, a Sunni militant group that is the de facto governing authority in the Gaza Strip, as activity attributed to it has largely affected organizations perceived as hostile to Hamas,” the company said.

The attack chains combine social engineering with fake LinkedIn profiles that mimic Israeli human resources managers and other officials. The operators use these profiles to contact employees at Israeli organizations, send them phishing messages, carry out surveillance, and deliver malware.

“This technique enables operators to stay a step ahead of certain static network-based defenses,” Redmond noted.

The escalation in the Israeli-Palestinian conflict has been accompanied by an increase in malicious hacktivist operations from groups such as Ghosts of Palestine, which intends to bring down government websites and IT systems in Israel, the U.S., and India, as per the source.

“Around 70 incidents where Asian hacktivist groups are actively targeting nations like Israel, India, and even France, primarily due to their alignment with the U.S.,” Falconfeeds.io said in a post shared on X (formerly Twitter).

All of this indicates that nation-state threats have moved away from destructive operations toward long-term espionage campaigns, with the U.S., Ukraine, Israel, and South Korea emerging as a few of the most targeted nations in the MENA and Asia-Pacific regions.

“Iranian and North Korean state actors are demonstrating increased sophistication in their cyber operations, in some cases starting to close the gap with nation-state cyber actors such as Russia and China,” the tech giant said.

