This article examines the involvement of several actors in Hamas's cyber warfare activities on the internet.
What factors contribute to the assistance provided by hackers to Hamas?
Researchers have detected potential indications of collaboration between the Palestinian armed group Hamas and a well-established hacking collective in the Arabic-speaking community. According to a report released by Recorded Future, a research organization, Hamas probably sought assistance from external operators and "third parties" to support a news website associated with its armed faction, Al-Qassam, during the conflict with Israel.
Shortly after Hamas's initial major offensive against Israel, an application associated with Al-Qassam was announced on Telegram, a platform commonly used by Hamas militants and sympathizers. The application was intended to disseminate Hamas's message.
Maintaining a website or application in Gaza is difficult because Israeli air strikes have damaged the region's Internet infrastructure and caused power outages. The region is also subject to persistent cyber attacks by politically motivated hackers seeking to infiltrate its critical services and websites.
Hamas is expected to mitigate this issue by sharing its infrastructure with entities capable of helping it further its objectives. In response to a significant assault on Israel, the administrators of the Al-Qassam website migrated it across other infrastructure providers.
Analyzing this infrastructure, the researchers found notable instances of redirection to the Al-Qassam site, as well as similar Google Analytics code linked to the site's domain, among around 90 additional domains.
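The analytics-code overlap described above can be checked with a simple correlation over saved page bodies. The following is an added example, not code from the Recorded Future report or from this article; it assumes the overlap is measured on the Google Analytics tracking ID, and the function names, domains and IDs are constructed placeholders.

```python
import re
from collections import defaultdict

# Universal Analytics (UA-<account>-<property>) and GA4 (G-<id>) tracking IDs.
GA_ID = re.compile(r"\b(UA-\d{4,10})-\d{1,4}\b|\b(G-[A-Z0-9]{8,12})\b")

def analytics_ids(html):
    """Return the set of analytics account IDs embedded in one page body."""
    ids = set()
    for ua_account, ga4 in GA_ID.findall(html):
        # UA property suffixes differ per site; the account part is the pivot.
        ids.add(ua_account or ga4)
    return ids

def cluster_by_analytics(snapshots):
    """Map each analytics ID to the sorted domains whose pages embed it."""
    clusters = defaultdict(set)
    for domain, html in snapshots.items():
        for tracking_id in analytics_ids(html):
            clusters[tracking_id].add(domain)
    # Only IDs seen on two or more domains suggest a shared operator.
    return {i: sorted(d) for i, d in clusters.items() if len(d) > 1}

def related_domains(seed, snapshots):
    """Domains sharing at least one analytics ID with the seed domain."""
    related = set()
    for domains in cluster_by_analytics(snapshots).values():
        if seed in domains:
            related.update(domains)
    related.discard(seed)
    return sorted(related)

# Constructed sample page bodies; domains and IDs are placeholders.
SNAPSHOTS = {
    "seed-site.example": "<script>ga('create','UA-11111111-1','auto')</script>",
    "mirror-a.example": "<script>ga('create','UA-11111111-3','auto')</script>",
    "mirror-b.example": "<script>gtag('config','G-ABCD123456')</script>"
                        "<script>ga('create','UA-11111111-2')</script>",
    "unrelated.example": "<script>gtag('config','G-ZZZZ999999')</script>",
}

if __name__ == "__main__":
    print(related_domains("seed-site.example", SNAPSHOTS))
```

A shared tracking ID is a lead for further investigation rather than proof of common ownership, since page templates and their embedded IDs are sometimes copied between unrelated sites.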
The first set of domains used registration techniques similar to those of the TAG-63 hacker collective, also known as AridViper and APT-C-23. This cyber-espionage group is recognized as being supported by a governmental entity, and it focuses specifically on Arabic speakers in the Middle East. It is widely assumed that the group operates on behalf of Hamas.
The second set of domains is purportedly associated with Iran. Within this Iran-linked set, an entity was seen attempting to impersonate the World Organization against Torture (OMCT). The researchers had difficulty establishing definitive evidence that malicious actors used the site for phishing or social engineering.
Iran has established strong connections with Hamas, a Palestinian militant group, and has provided cyber-support to Hamas and other Palestinian threat groups through the Iranian Quds Force. The Quds Force is a specialized force within Iran's military that focuses on unconventional warfare and military intelligence. It is the sole confirmed Iranian entity known for its involvement in cyber-support for Hamas and similar groups.
According to the researchers, the report provides valuable insight into the potential for mutual assistance between the two factions, despite the limited evidence of collaboration thus far.