On October 7, the Palestinian terrorist movement Hamas launched a massive surprise attack through the “Iron Wall” separating the Gaza Strip and southern Israel, in which its gunmen massacred more than a thousand civilians and soldiers in ISIS-style executions and took more than a hundred others hostage in Gaza. In response, Israel has declared a state of war, launching massive bombing raids on Gaza. It is rumoured that a ground operation is being considered, including possible reoccupation – the stated goal being the military destruction of Hamas and the complete routing of its infrastructure. This report will tell you all you need to know about the conflict and its possible cyber spillover.
Hamas is an Islamist militant movement, and one of the two main political forces in the Palestinian territories. It governs more than two million Palestinians in the Gaza Strip, but the group is best known for its armed resistance to Israel and its terrorist attacks – most often in the form of the launching of crude garage-made Qassam rockets – but also attacks by individuals and small groups on Israeli territory.
Dozens of countries have designated Hamas as a terrorist organization, although New Zealand and some international organizations apply this designation only to its military wing, the Izz ad-Din al-Qassam Brigades.
The main state partner of Hamas is Iran, which provides materials, financial support, weapons and training. Qatar contributes in a similar manner, and Turkey is thought to harbour some of its leadership. The rival party to Hamas is Fatah, which dominates the Palestine Liberation Organisation (PLO), governs the West Bank, and has renounced violence. This (among other things) has caused a split in the Palestinian movement and led to open power struggles, with Hamas routing Fatah’s military in the Gaza Strip, while Fatah remains in power in the West Bank.
The current leader of Hamas is Ismail Haniyeh, who has been based in Doha, Qatar, since 2020. Hamas leaders settled in Qatar after falling out with their previous host, Syria, when Palestinian refugees took part in the 2011 uprising against the Syrian regime. Some senior Hamas officials also reportedly operate from the group’s offices in Turkey.
Hamas stands for Harakat al-Muqawama al-Islamiya (Islamic Resistance Movement) and was founded by Sheikh Ahmed Yassin, a Palestinian cleric and activist with the Egyptian Islamist organization Muslim Brotherhood. From the late 1960s, Yassin preached and performed charity work in the West Bank and Gaza, which Israel occupied after the 1967 Six-Day War. After the outbreak of the ‘First Intifada’ (the Palestinian uprising against the Israeli occupation of the West Bank, Gaza, and East Jerusalem), Yassin founded Hamas in December 1987 as the political arm of the Muslim Brotherhood in Gaza. At the time, Hamas’s goal was to counter Palestinian Islamic Jihad (PIJ), another terrorist organization whose commitment to violent resistance against Israel made it an unwelcome rival in the Muslim Brotherhood’s fight for Palestinians’ favour. In 1988, Hamas published its charter, which called for the destruction of the state of Israel and the creation of an Islamic society in historic Palestine based on Sharia law.
Hamas first employed suicide bombing in April 1993, five months before PLO leader Yasser Arafat and Israeli Prime Minister Yitzhak Rabin signed the Oslo Accords. The historic pact established limited self-government for parts of the West Bank and Gaza under a newly created entity called the Palestinian Authority (PA). Hamas condemned the accords, as well as the PLO’s and Israel’s recognition of each other, which Arafat and Rabin officially agreed to in letters sent days before Oslo. The movement went on to spearhead violent resistance during the second Intifada in the early 2000s.
Hamas is formally cut off from official aid provided by the United States and the European Union to the Palestinian Authority due to its designation as a terrorist entity, so historically, most of the movement’s funding has come from Palestinian expatriates and private donors from the Gulf. Egypt and Israel have formally maintained a blockade of Gaza since 2007, but before the war, Israel allowed hundreds of trucks into the enclave, from which Hamas takes its cut. Israel has also allowed Qatar to provide hundreds of millions of dollars of aid to civilians through Hamas social services, and other foreign aid has made its way into Gaza through the Palestinian Authority and UN agencies. This is largely European money which is technically subject to controls on its civilian use, but Hamas has its own ways of tapping into these flows and siphoning off parts to finance its terror activities.
In 2018, Egypt began allowing some commercial goods to enter Gaza through the Salah al-Din border crossing, with taxes expected to generate up to $12 million per month for Hamas. This money is used to fund its operations; like any government, it can devote only a limited portion of its budget to military spending. This does not, however, appear to be the case with resources from Iran, which is now one of the organization’s biggest sponsors, sending weapons, money and training. Although Iran and Hamas briefly parted ways after supporting opposing sides in the Syrian civil war, Iran currently provides approximately USD 100 million a year to Hamas, Palestinian Islamic Jihad, and other terrorist groups. Iranian officials have met extensively with Hamas leadership in recent months, openly celebrating its attack on Israel and pledging further support in the future. In addition to this, Turkey insists that it supports Hamas only politically because of Turkey’s relations with the US, but there is reason to suspect that financial aid is being diverted from the Turkish Cooperation and Coordination Agency.
The Gaza Strip is a small area on the border between Israel and Egypt on the Mediterranean Sea. It is a strip of land of roughly 360 km² with a population of roughly 2 million people, and therefore has a higher population density than London or Shanghai. Roughly half of the population are children, who are systematically indoctrinated by Hamas-controlled schooling. According to World Bank statistics, the area has one of the highest unemployment rates in the world, and the UN estimates that around 80% of the population relies on international aid to survive and access basic services, which is primarily due to the long-standing Israeli blockade in response to the Hamas terrorist attacks.
Gaza is one of the two Palestinian territories. The other is the West Bank, which includes East Jerusalem and borders Jordan and the Dead Sea. Israel occupied the West Bank and Gaza during the 1967 Six-Day War. The international community generally considers the West Bank occupied and Israeli settlements established there after the war illegal. The Palestinian Authority, controlled by the Fatah party and led by President Mahmoud Abbas, has full control over the part of the West Bank known as Area A and partial control over Area B, while Area C is fully administered by Israel.
Gaza was part of the Ottoman Empire, and was then occupied by Great Britain from 1918 to 1948 and later by Egypt between 1948 and 1967. Almost 20 years after Israel declared statehood in 1948, it conquered the Gaza Strip from Egypt and the West Bank from Jordan in 1967 as part of the Six-Day War (the third Arab-Israeli war). Israel controlled Gaza for 38 years, during which time it built Jewish settlements on the territory. Tensions and violence persisted for years, including during the First Intifada – a nearly four-year stretch of protests, riots and terror bombings in the Palestinian territories and in Israel over the occupation of Palestinian territories. The bloodshed led Prime Minister Yitzhak Rabin to reach an agreement with the PLO in Oslo in 1993, under which the Palestinians took control of Gaza as a local government in 1994. Israel then withdrew militarily from Gaza in 2005 and dismantled its settlements there.
Hamas took control of Gaza shortly afterwards, winning a majority of seats in the Palestinian Authority legislature and forming a government in 2006. It won votes both through the social services it provided, and as a party that radically refused to make concessions to Israel – unlike the secular Fatah, which is deemed corrupt by many Palestinians. Fatah did not accept the election result and removed Hamas from power in the West Bank. In the Gaza Strip, however, fighting between the two Palestinian groups broke out, and Hamas routed the Fatah militias within a week of fighting, leading to a political split between the two Palestinian territories. This schism was then exploited by the Israeli right, led by prime minister Benjamin Netanyahu. The Palestinians have not elected a legislature since 2006, nor a president since 2008.
Hamas runs an authoritarian regime in Gaza but maintains the support of a large part of the population. A 2021 poll found that 53% of Palestinians believed that Hamas was “most deserving to represent and lead the Palestinian people”, while only 14% preferred the secular Fatah. Hamas in Gaza officially governs in accordance with the Palestinian equivalent of a constitution based on Sharia law (as does the PA in the West Bank), but in reality is more restrictive than the law requires, including controlling women’s dress, enforcing gender segregation in public, and imposing multi-year prison sentences on members of the LGBT community. The population in Gaza has no means of controlling Hamas’ governance and its use of public money, while Hamas severely represses independent media, civic activism (including on the internet), political opposition, and NGOs independent of it.
Hamas regularly launches homemade rockets, mortar shells, and improvised incendiary devices from Gaza into Israel. Iran has publicly admitted to providing some of these weapons directly, as well as technology transfers and training with the IRGC and its proxy forces in areas such as rocket construction. Israeli estimates prior to the attack spoke of an arsenal of some thirty thousand rockets and mortars directly in Gaza across local terrorist groups led by Hamas. Hamas has also made incursions into Israeli territory, killing and kidnapping soldiers and civilians, but to an incomparably lesser extent. The October 2023 massacre by Hamas represents probably the worst loss of Jewish life since WWII.
A wave of hacking attacks on Israeli targets has added a cyber dimension to the conflict, shortly after the surprise attack was launched on October 7. Earlier this year, a Gaza Strip group known as Storm-1133 targeted Israeli energy, defence and telecommunications companies using fake LinkedIn profiles to pose as software developers or project managers, and sending malware to employees at those targets to install back doors for later use. Other hacks, mainly by self-proclaimed hacktivist allies of the Palestinians, were aimed at sowing confusion or alarm. For example, pro-Palestinian hackers ‘AnonGhost’ claimed responsibility for an attack on an Israeli app that warns residents of incoming rocket strikes, with the group falsifying rocket alerts to incite panic and chaos. Various groups launched dozens of denial-of-service attacks at government and private websites, knocking them offline, but causing no lasting damage.
One of the most effective DDoS attacks was against Israeli English-language media such as the Jerusalem Post or Haaretz, a major source of reporting on the fast-changing conflict and atrocities committed by Hamas in the initial phase of the attack. The particular attack on the Jerusalem Post was claimed by Anonymous Sudan, which a recent Cyfirma report identifies as a likely front for Russian intelligence services. The conflict is so far characterized by large-scale misinformation, much of it uploaded spontaneously (mostly on X), but also by state-driven disinformation campaigns conducted by Hamas and countries sympathetic to Hamas like Iran, Turkey and Qatar. Video game footage has been misrepresented as evidence of Israeli airstrikes, while erroneous and frequently unsubstantiated reports of successful hacks have become widespread. The efforts of Hamas and its affiliates appear to be centred on disrupting flows of reliable news from the Israeli side, and flooding social media with bogus content to drown out indisputable evidence of Hamas atrocities, before horrific images of civilians suffering from Israeli retaliation dominate the information sphere.
At least fifteen well-known hacktivist, ransomware, and cybercriminal groups have declared their active involvement in disruptive operations against both Israeli and Palestinian organizations. Cyberattacks are also targeting foreign backers of both sides in the war. While some of the groups have been supporting Israel or Hamas for a long time, others are intensifying their efforts against a long-standing adversary whose backing is either a pretext or a provocation. While the majority of the activity has been well-known distributed denial-of-service (DDoS) or nuisance-level defacement, there were at least some more sophisticated attacks targeting military command-and-control, specifically Israeli Iron Dome anti-rocket systems, as well as infrastructure, particularly electrical power distribution. It appears that the attacks on C2 and infrastructure have not had much of an impact thus far, but this might change as the cyber conflict spills over to other countries. A Palestinian hacker collective named ‘Ghosts of Palestine’ has invited hackers from around the world to attack private and public infrastructure in Israel and the United States, which is likely to find a response with some ideologically motivated hacking groups. A pro-Hamas group, ‘Cyber Av3ngers’, targeted the Israel Independent System Operator (Noga), a power grid organization, claiming to have compromised its network and shut down its website. The group also targeted the Israel Electric Corporation, the largest supplier of electrical power in Israel and the Palestinian territories, as well as a power plant. However, these claims so far seem to be for the most part attention-seeking bragging, as the effects were only on a nuisance level and had no effect on grid operation.
As per OSINT researchers, the bulk of hacktivist activities primarily align with Hamas’s interests. Notably, an Israeli group called Predatory Sparrow, renowned for its operations against Iran, has been observed engaging in probing Iranian websites and posting cautionary messages in Farsi. These messages warn Iran against taking any hostile action towards Israel, given Tehran’s historical support for Hamas. There is strong suspicion that Iran has provided both planning and logistical support to Hamas.
Another distinct group involved in hacktivist activities supporting Israel is the Indian Cyber Force. Although they typically focus on conflicts involving Pakistan and other South Asian states, this group has claimed responsibility for taking down Hamas websites and other pages affiliated with Palestinian authorities and businesses. Their messages draw links between Hamas and ISIS, accusing Hamas of using Palestinian civilians as shields.
Both pro-Israeli and pro-Palestinian hacktivists are now directing their efforts towards Industrial Control Systems (ICS), including SCADA systems. Alarming vulnerabilities have been identified, particularly among Israeli organizations that have left their Modbus (a SCADA communication protocol) exposed. Approximately 400 such instances have been noted. Additionally, around 150 Message Queuing Telemetry Transport (MQTT) ports, which enable communication between Manufacturing Execution Systems (MES) and SCADA, are still open. In the Palestinian context, entities there are also exposing Modbus, MQTT, Siemens automation, and Symantec systems. These Industrial Control Systems, designed to monitor and manage industrial machinery and processes, are critical for ensuring effective and safe operations in various industries. SCADA, a type of ICS, is responsible for collecting data and implementing operational controls across vast distances. While no confirmed cases of successful exploitation causing damage to critical infrastructure have been reported in this conflict, many of these systems have been found to be vulnerable.
The notorious Russian group Killnet has launched attacks against Israeli government websites, while another Russian threat actor known as “Blackfield” announced on a Russian-speaking forum that they possess data belonging to hundreds of IDF soldiers and Shabak members, including phone numbers, photos, and personal information. They may use this data for further targeted attacks and disinformation campaigns. Blackfield also hints at targeting the US in the near future. Nation-state reactions to the conflict have naturally been much more obfuscated and difficult to attribute; however, it is highly likely that Iranian cyber threat groups in particular will have an interest in influencing the conflict via the cyber battlespace (indeed, Hamas has publicly stated that its attacks on Israel were backed by Iran). There are a number of Iranian-based internal threat groups that might launch effective assaults against even the most advanced security measures in place at an enterprise. It is conceivable that activity related to Iranian-affiliated cyber threat organizations would rise in reaction to these events, given that these groups have previously targeted nations with tense political ties to Iran, such as the US and Israel. Potential assaults would likely be deliberate and focused, affecting Israeli enterprises with ties to the government, or those engaged in important infrastructure projects for the government, telecommunications, and defence.
Israel will seek to eliminate the threat posed by Hamas for good, but that will arguably require extensive aerial bombardment, followed by direct conflict on the ground. This will cause very intense collateral damage and civilian casualties in the Gaza Strip, which is likely to draw in other adversaries, including Hezbollah (who already pledged to attack when the Israeli army enters Gaza), al-Qaeda, or Iran. The cyberspace aspect of the conflict is likely just nascent, and we are likely to see a spike in the activity of Iranian APTs attacking countries that support Israel. Russia might throw its weight behind some of the activity, as intensification of the conflict suits its interests by diverting attention from its war in Ukraine and consuming resources that could otherwise help its Western neighbour. The cyber realm is becoming the vanguard of geopolitical statecraft, with the Middle East serving as the hotbed of geopolitics, innovation, use of cyber intelligence collection, cyber warfare, and integration with physical conflict. The Middle East is a region rife with discord. Its political map is very complex, with interconnected relationships of its peoples, and identities that transcend national borders.
Thus, the number of ways this conflict can spill into almost any country in the region, based on a series of (often counterintuitive) alliances, is almost infinite, especially in the cyber domain. To better understand the rich tapestry of relations in the Middle East, and why there is currently a Cyber Arms Race going on in the region, see the recently published Cyfirma report on the topic.