The Rise and Impact of Hacktivism Amidst Conflicts in Ukraine, Israel

The ongoing war between Israel and Hamas has spurred a surge in cyber activity, with a myriad of threat actors looking to contribute to the chaos through a slew of ideology-based attacks. Multiple threat groups have targeted infrastructure sectors that include global navigation satellite system (GNSS) receivers, Israeli cyber systems, healthcare, education, water systems and U.S.-based companies that operate in Israel. The geopolitical tensions caused by this crisis have resulted in heightened animosity between several nations, exacerbating an already contentious international environment.

In the context of ongoing geopolitical conflicts, the predominant perpetrators of reported cyberattacks are hacktivist groups. These entities, motivated by ideological considerations and driven by political or societal objectives, have exhibited an escalating trend in their activities, particularly in relation to geopolitical tensions. The nature of their campaigns encompasses Distributed Denial of Service (DDoS) attacks, website defacement, data leaks, phishing and disinformation campaigns.

Illustrating this trend, the ongoing Russia-Ukraine conflict serves as a notable case study. Hacktivist groups actively targeted government, military and commercial entities perceived to support Ukrainian war efforts. Notably, this targeting extended to encompass critical U.S. infrastructure sectors, including defense and aerospace. Even in the aftermath of nearly two years post the Russian invasion of Ukraine, cyber threat groups such as Anonymous Sudan and KillNet persist in executing attacks, openly issuing threats against infrastructure linked to U.S. and NATO entities.

A parallel trend is emerging in the Israel and Hamas conflict, where hacktivism has experienced a notable surge, with many of the same groups entering the fold. Since the start of the conflict, over 70 hacking groups have become involved, utilizing cyberspace as a strategic arena for sustained engagement in ongoing hostilities.

Specific instances, according to SOC Radar’s live blog covering the conflict, include the reported DDoS attack on the Israel Space Agency website, attributed to the YourAnonT13x Group, as indicated in a corresponding post on the group’s Telegram channel. Following this incident, the GhostSec hacking group, in collaboration with Anonymous Sudan, claimed responsibility for “unleashing mass attacks on Israeli infrastructure.” Their targets included GNSS receivers and Building Automation and Control Networks (BACnet), with indications of potential future attacks targeting industrial machinery and critical infrastructure.

Despite the prevalence of hacktivism, the credibility and impact of many alleged attacks remain uncertain. Many purported attacks lack substantial proof, aside from online postings, which are often overstated. However, activities from hacktivist groups can coincide with ongoing targeting from more sophisticated entities and highlight potential victims to other, opportunistic threat actors. In Microsoft’s 2023 Digital Defense Report, researchers suggest a convergence of state-sponsored activity and hacktivist operations in observed cyber activity in Ukraine. Cyberthreat groups have evolved to collaborate more frequently, indicating that many self-reported threats from hacktivists could serve to incite other threat actors.

As such, the emergent threat posed by hacktivist groups presents a heightened risk to sectors critical to national security, including military, government, and space industries. While hacktivist groups are not considered the most dangerous threat, the continued surge of activity increases an already contested threat environment for international organizations. In a statement given to the U.S. Senate Committee on Homeland Security and Governmental Affairs, FBI Director Christopher Wray states that “the cyber targeting of American interests and critical infrastructure that we already see—conducted by [state] and non-state actors alike—will likely get worse if the conflict expands.” This pattern of hacktivist operations underscores the evolving landscape where cyber capabilities are leveraged as force multipliers in contemporary conflicts, necessitating a comprehensive understanding and strategic response to mitigate potential impacts on national security and infrastructure integrity.