The Iranian government, through its Iranian Revolutionary Guard (IRGC), has been backing a major hacking campaign aimed against Israel and its allies since the October 7 massacre enacted by the terrorist group Hamas. This activity was uncovered by research conducted by none other than Microsoft.
There is nothing new about this. Iran has been behind many cyber threats in recent years, including successful ransomware attacks on private companies, in which a ransom is demanded either to return control of a system to its owners or to keep stolen secret information from being revealed. And this is still going on.
“Since the outbreak of the Israel-Hamas war on October 7, Iran has increased its influence operations and hacking efforts against Israel, creating an ‘all hands on deck’ threat environment,” said Microsoft. “These attacks were reactive and opportunistic in the early days of the war but, by late October, nearly all of its influence and major cyber actors were targeting Israel. Cyberattacks became increasingly targeted and destructive and IO campaigns grew increasingly sophisticated and inauthentic, deploying networks of social media ‘sockpuppet’ accounts.” (A sock puppet is a false online identity used for deceptive purposes.)
Microsoft said in its report that the Iranians engaged in a series of “cyberattacks and influence operations (IO) intended to help the Hamas cause and weaken Israel and its political allies and business partners.”
The attacks that came in the aftermath of the October 7 attack were “hasty and chaotic,” said Microsoft, which indicated that Iran’s efforts “had little or no coordination with Hamas.” But all of this changed in the following months.
Microsoft’s researchers found that many of the attacks in the early days of the war in Gaza either leaked old material, used pre-existing access to networks or were false.
Iran’s activity quickly grew from nine Microsoft-tracked groups active in Israel during the first week of the war to 14, two weeks into the war. Cyber-enabled influence operations went from roughly one operation every other month in 2021 to 11 in October 2023 alone.
Microsoft said that as time went on, Iranian-backed hackers expanded their geographic scope to include attacks on Albania, Bahrain and the USA. They also increased their collaboration, enabling greater specialization and effectiveness.
“The IRGC’s attacks on US water control systems while opportunistic were seemingly a clever ploy to test Washington by claiming legitimacy in attacking equipment made in Israel,” the researchers said.
This confirms a report issued in December by Israel’s National Cyber Directorate summarizing the activities of hackers working against the interest of Israel and Israeli organizations during the first two months of the Iron Swords War in Gaza. The report stated – to no one’s surprise – that such attacks increased after the start of the war.
The Directorate also explained that the attacks became more sophisticated over time. In the first few weeks after the barbaric Hamas attack of October 7, the attacks were “simple and unsophisticated,” it said. This included petty things like vandalizing websites, which were carried out “mainly for visible purposes.”