Middle East Cyberwar Rages On, With No End in Sight

It's been more than a year since the conflict between Hamas and Israel began, and the cyber battle between the two entities rages on, involving a variety of perpetrators and using playbooks of other global conflicts.

Here are some of the top developments over the duration of this cyberwar and what we can expect to see in 2025.

Beginning Stages

Soon after Hamas launched its strikes against Israel, more than a dozen threat groups declared their intent to begin cyberattacks against Palestine, Israel, and their respective supporters. Some of these groups include Killnet, Anonymous Sudan, Team insane, Mysterious Team Bangladesh, and Indian Cyber Force.

In the initial days, the first cyberattack victims were the Jerusalem Post at the hands of Anonymous Sudan, and the Tel Aviv Sourasky Medical Center, which was attacked by Sylhet Gang, ultimately leading to operational disruption.

As the cyberattacks continued, Krypton network offered to sell its distributed denial-of-service (DDoS) capabilities to hacktivists interested in targeting Israeli organizations. But attacks flew from the other side as well when ThreatSec reportedly attacked AlfaNet, a Palestinian Internet service provider, causing the company's servers to shut down and gaining control of more than 5,000 servers in Gaza in the process.

Then, in its first post on X, Predatory Sparrow, a pro-Israeli hacktivist group, reappeared on the scene. 

The group said to its followers, "You think this is scary? We're back. We hope you're following the events in Gaza" — and included a link to a report on the US sending fighter planes and warships to support Israel.

Cyberwar on a Global Scale

Roughly a month after the conflict began, FBI Director Christopher Wray warned that the war in the Middle East raised the threat of cyberattacks against the US, citing an increase in attacks on US military bases overseas, anticipating both physical and cyberattacks.

The FBI once more issued warnings, this time regarding cybercriminals masquerading as fundraisers and charities, reaching out to individuals via email, social media, phone calls, and crowdfunding websites, all to convince victims that their cryptocurrency funds would go to Israeli or Palestinian victims. A Netcraft report traced $1.6 million of crypto to these fake accounts, a grand show of their influence.

By the end of 2023, Israeli company CyTaka hired a network of cyber hackers from around the world to counter anti-Israel online activity, while cyberattackers known as Gaza Cybergang used a variation of the Pierogi++ backdoor malware against both Palestinian and Israeli targets.

A Year in Review

This past year began with Turkish hacktivists projecting political, violent messages about the conflict between Israel and Gaza at a highly frequented movie theater in Tel Aviv. 

In July, an Israeli army chief reported thwarting some 3 billion cyberattacks since the conflict began. Cyberattacks against the Israeli Defense Forces (IDF) included targeting operation systems necessary for the military's functioning, though details were not provided on the nature of the attacks.

Then in October, security firm ESET reported a "security incident" affecting its partner company in Israel. It cited a malicious email campaign that was blocked and ultimately denied any true compromise over its systems. 

Just last month, "Wirte," an advanced persistent threat (APT) supporting Hamas and its agenda, was reported to be conducting espionage against governments in the Middle East and wiper attacks against Israel. The APT uses phishing attacks containing documents, legitimate resources, and malware, sometimes using the IronWind loader, which employs a multistage infection chain to drop its malicious payload.

Next on the Horizon

Observers and industry experts expect more of the same in 2025. The conflict has intensified cyber threats, with state-sponsored actors and hacktivist groups continuing to exploit global tensions.

"We can expect an escalation in sophisticated phishing campaigns, disinformation efforts, and attacks on critical infrastructure," said Stephen Kowski, field CTO at SlashNext Email Security+, in an emailed statement to Dark Reading. "Organizations should prioritize real-time threat intelligence and advanced AI-powered detection systems to stay ahead of evolving tactics."

In addition, he recommended that organizations prepare themselves with robust employee training and implement multilayered security measures to mitigate against future attacks.

"[This] will be crucial in defending against the anticipated surge in social engineering and targeted malware attacks," Kowski added.

John Bambenek, president of Bambenek Consulting, offered a different take. "At this point, with the loses endured by Hamas, they are more focused on survival and have significantly reduced capabilities even in the cyber realm," Bambenek said in an emailed statement to Dark Reading.

In 2025, he believes attention should be focused on Iran, a country that has been a major power player in this conflict.

"If recent reports are true and Israel is considering military strikes in the short term against Iran, that likely could easily escalate into a 'weapons-free' mindset with cyberattacks," he said. "Recent research by Team82 indicates the Iranian government has already decided to field test and preplace capability to launch ICS/OT attacks broadly, should such an escalation occur and those attacks likely will include the US and Europe."