OpIsrael

OpIsrael prepares for key event amongst constant activity

Target: Israeli government as well as state-owned and affiliated groups

 

Attack Vector: DDoS attacks, site defacement/hacking, data leaks

Threat Actor: Various, particularly @MCADDoSTeam as well as @LorianSynaro

Summary: BT has continued to observe steady activity in the #OpIsrael campaign, most notably originating from @MCADDoSTeam as well as @LorianSynaro. Attacks on the Israeli government have been observed and this type of operation can be expected to peak with Holocaust Remembrance Day period. The most recent incarnation has been dubbed #OpIsrael2018 and is expected to carry on through to the 14th of April. Risk assessment summary: The threat is assessed as 3d MODERATE. While there have been instances of governmental affiliated organisations being targeted, much of the focus is on the government itself. However, there has been evidence of medical organisations in particular being targeted, raising the risk in that sector. There is a high chance these attacks will continue, even after the end of #OpIsrael2018, with events on the ground contributing to increased cyber activity as well as the potential for tit-for-tat attacks between Israel and Arab league countries, particularly under the #OpIslam banner.

OpIsrael2018

OpIsrael2018 to Commence 7th April 2018

Target: Israeli Linked Targets

Attack Vector: DDoS/Defacement/Hack & Data Leak

Threat Actor: @Anonymous Affiliated Actors

Summary: The @Anonymous hacktivist collective has announced it will be commencing a series of coordinated cyber-attacks against Israeli linked targets commencing Saturday 7th April 2018. The operation has been dubbed #OpIsrael2018 and is expected to last until 14th April 2018.

Risk assessment summary: It is assessed that #OpIsrael2018 presents a 3d MODERATE threat to organisations with links to Israel. Whilst the published target lists are likely to be the primary focus for hacktivists, organisations and individuals across the globe may also be considered legitimate targets. There is also a high likelihood that Israel state-sponsored actors will pre-empt or retaliate against hacktivists during this period, which could result in collateral damage. Although occurring annually on 7th April annually, the 2018 operation may have particular significance as a result of recent attempted Palestinian incursions on the Israeli border fence. This has resulted in a number of deaths among rioters at the hands of the Israeli Defence Forces.

The ongoing Anti-Semitism controversy in the UK regarding the Labour Party may also act as a driver for UK centric activity. Some left-wing hacktivists consider the recent negative publicity as part of a “Zionist Plot” aimed at discrediting the pro-Palestinian leadership of the party. This may have implications for media organisations deemed to display a pro-Israel bias in the reporting of the issue. Additionally, UK based organisations which trade with or operate in Israel, may also be targeted. Taking into account @Anonymous statements, this is likely to include the communications sector. Whilst DDoS is likely to be the main attack vector, website defacement and hacks/ data leaks are also likely to be utilised against targets. It is recommended that increased vigilance is maintained in Israeli linked organisations between the 7th and 14th of April. Monitoring of the threat environment will continue in order to identify further actionable intelligence.