top of page

Gaza-linked cyberthreat targets Israeli energy and defence

A string of cyberattacks targeting Israeli private sector energy, defence, and telecommunications companies have been traced back to a threat actor based in Gaza.

Microsoft is monitoring the attack under the codename Storm-1133; the company disclosed information about it in its fourth annual Digital Defence Report.

"We assess this group works to further the interests of Hamas, a Sunni militant group that is the de facto governing authority in the Gaza Strip, as activity attributed to it has largely affected organisations perceived as hostile to Hamas," the business stated.

The campaign's targets included groups that supported Fatah, a Palestinian nationalist and social democratic political party with its headquarters in the West Bank, as well as organisations in the Israeli energy and defence industries.

Attack chains use a combination of social engineering and fictitious LinkedIn profiles, posing as Israeli software developers, project managers, and HR directors, to contact and send phishing messages, carry out reconnaissance, and infect employees with malware.

Microsoft reported that it had also seen Storm-1133 trying to sneak inside other groups that were publicly connected to Israeli targets of interest.

Along with a configuration that enables the organisation to dynamically update the command-and-control (C2) infrastructure stored on Google Drive, these breaches are made to deploy backdoors.

"This technique enables operators to stay a step ahead of certain static network-based defences," Redmond stated.

The revelation coincides with a worsening of the Israeli-Palestinian conflict and a rise in hostile hacktivist campaigns like Ghosts of Palestine, which try to take down Israeli, American, and Indian government websites and IT infrastructure. stated in a message shared on X (previously Twitter) that there had been "around 70 incidents where Asian hacktivist groups are actively targeting nations like Israel, India, and even France, primarily due to their alignment with the U.S."

The change coincides with a shift in nation-state threats from disruptive and destructive operations to long-term espionage campaigns; among the most targeted countries in the Asia-Pacific, Middle East and North Africa (MENA), and Europe are South Korea, Israel, the United States, and Ukraine.

"Iranian and North Korean state actors are demonstrating increased sophistication in their cyber operations, in some cases starting to close the gap with nation-state cyber actors such as Russia and China," claimed Google.

The frequent usage of unique tools and backdoors, such as MischiefTut by Mint Sandstorm (aka Charming Kitten), to aid in persistence, detection evasion, and credential theft, is indicative of this growing tradecraft.

17 views0 comments


bottom of page