The second front of all contemporary war is cyber. Google’s threat analysis group (TAG) and the company’s own Mandiant and security and trust teams have concluded in their report The Israel-Hamas cyberwar: a frontline tool that the Middle East conflict has certain characteristics that differentiate it, for example, from the war in Ukraine. One of the main countries that intervenes with cyber attacks, according to the document, is Iran, which after the Hamas attack on Israel has maintained the intensity of its activity, but has focused its initiatives on weakening public opinion support for the war.
In the six months before Hamas’ attacks on Israel last October 7, Iran accounted for 80% of government-backed phishing activity against Israel. The proportion has been maintained until today.
According to the TAG, in cyberwar Iran carries out “destructive attacks against key Israeli organizations” and illegal access operations and leaks of “exaggerated claims about attacks against critical infrastructure in Israel and the United States.” Other attacks include information operations aimed at demoralizing Israel’s citizens, eroding trust in critical organizations, and turning global public opinion against Israel, as well as phishing, targeting users in Israel and the United States, aimed at obtaining information. on key decision makers.
For example, an Iranian attacking group called Greatrift distributed malware through a fake “missing persons” website that promised information about Israelis kidnapped by Hamas. Another campaign from the same group managed to trick a hospital in Israel with an institutional blood donation advertisement into distributing malware.
Is someone attacking Iran? The Google group has no evidence of attacks promoted by governments, but an Israeli group called Gonjeshke Darande – predatory sparrow – claimed that it had managed to put most of Iran’s gas stations out of service last December through a cyberattack that affected its systems. payment. The Iranian government linked the attack to Israel, but Google’s group of analysts assures that it does not have sufficient evidence to corroborate that attribution.
Another different role is that of Hamas. Analysts have noted that, unlike the weeks prior to Russia’s attack on Ukraine in February 2022, when there was an increase in cyberattacks from the first, the Palestinian group has not carried out cyberattacks as a form of tactical support. to their attacks on Israel on October 7. Cyberespionage by groups linked to Hamas until last September maintained its usual line, with phishing campaigns to distribute malware such as mobile spyware. This took advantage of Android vulnerabilities and stole data from its users.
Google analysts point out that one of the key components in cyberwar “is affecting the hearts and minds of the population of the attacked country.” In a war, attempts are made to block critical services, such as water and electricity. “This – they point out – is how trust in the Government can be undermined. “This is how you can really get to the morale of the people, and if the morale of the people is degraded, it is to the detriment of their combat ability.”
