Roughly 11 days after Hamas launched a murderous attack on Israel, a message posted to a newly created Telegram channel claimed that the computer systems at Israel’s Nevatim Air Force Base had been breached.
What appeared to be a pro-Palestinian group claimed to have collected information about the facility’s pilots, other personnel and their families. The message included screenshots and videos purportedly taken from security cameras near the base. “You will NOT be safe,” a caption on one of the images read.
After more than two weeks of fighting between Israel and Hamas, claims such as these — which have not been verified — are becoming increasingly common as hacktivist groups step up their operations. Whether the attack against Nevatim actually took place remains unclear, but experts caution that a string of trivial attacks — and claims of far more serious ones — may portend more significant cyber operations as the conflict drags on.
Over the past two weeks, hacktivist personas have focused on operations aimed at magnifying their perceived influence and shaping views of the war — activity that experts expect to intensify.
“We can anticipate an escalating reliance on information operations aimed at influencing the global perception of the conflict, particularly within the complex geopolitical context of the region,” Tom Hegel, the principal threat researcher at SentinelLabs, told CyberScoop. “We should expect state-sponsored threat actors to intensify their information operations through various means, including the manipulation of social media platforms, the creation of fictitious hacktivist groups, and the implementation of strategic campaigns designed to influence global media outlets.”
The message claiming responsibility for the attack on Nevatim was one among a series of claims made by hacktivist groups about the systems they have breached since the latest round of fighting kicked off earlier this month. Located in southern Israel, Nevatim is one of the country’s largest air bases, regularly hosts American military assets and has taken delivery of multiple American military aid shipments.
The Israeli embassy in Washington, D.C. did not respond to a request for comment Tuesday, and it’s not clear whether the group’s claim is accurate. A breach of Nevatim’s systems would amount to a major PR coup for Hamas-aligned hackers.
These types of potentially explosive but hard to verify claims have become the stock-in-trade for hacktivist groups looking to influence the conflict. Over the weekend, a pro-Iran group claimed that it had accessed data on thousands of U.S. military, law enforcement and intelligence personnel in retaliation for U.S. support of Israel, and offered it for sale for roughly $2,000 in Bitcoin. A sample posted by the group included what appeared to be several dozen U.S. military members’ IDs and associated paper work.
A U.S. military spokesman did not return a request for comment, and a law enforcement official declined to comment Tuesday.
Nariman Gharib, a U.K.-based Iranian opposition activist and independent cyber espionage researcher, told CyberScoop that Iranian hacking groups are “constantly targeting the west and Israel.” Iran-linked personas, for example, have demonstrated a willingness to terrorize average people by stealing and posting personal data on sensitive matters such as sexual orientation and HIV status.
The Middle East is fertile ground for hacking groups, and the recent history of cyber operations there is one reason why experts are so concerned that attacks on digital systems may escalate as the war between Israel and Hamas drags on.
Groups thought to be associated with Hamas, Hezbollah and Iran have been active for years, running operations ranging from cyber espionage and data theft to hack-and-leak operations, as well as the targeting of industrial control facilities, Hegel and Aleksandar Milenkoski, a senior threat researcher at SentinelLabs, wrote in a compendium of regional players published Tuesday.
Cyber operations linked to Israel have targeted Iranian government assets in embarrassing attacks that have shut off fuel distribution systems and damaged industrial facilities.
Looking forward, Hegel and Milenkoski caution that state-backed hacking groups may use hacktivist groups as a front to obscure the origin of their attacks, and that Iranian hacking groups pose a particular threat.
“The diversity and adaptability of Iranian cyber threat actors make them a significant and multifaceted component of the global threat landscape moving forward,” the researchers wrote. “It is imperative to focus on Iran as a potential origin of both direct cyber offensive actions and proxy operations supported by Iran-linked groups like Hamas and Hezbollah.”