Indicting Zionazi Israel

From the Perspective of Cyber Warfare and Intelligence

Ramadhani Baharzah
Dec 25, 2023

In this piece I will review research conducted by CYFIRMA, a cyber company that offers cyber services and protection against cyber threats. The company provides services such as cyber intelligence, attack surface discovery, and digital risk protection. CYFIRMA's research, titled “ISRAEL GAZA CONFLICT : THE CYBER PERSPECTIVE”, seems well worth reviewing because it goes deep, including direct interaction with actors directly involved in the hacker groups affiliated with Palestine and Israel.

The research opens fairly enough with an initial “Executive Summary” (ES). In the ES, CYFIRMA explains that several hacktivist groups have targeted critical infrastructure, government agencies, and organisations in Israel and Palestine. The attacks involved Distributed Denial of Service (DDoS), defacement, and data breaches. As other countries take sides in this war, the conflict has also spread beyond the immediate region, affecting several other countries. In its findings CYFIRMA gives a brief overview of the escalating cyber conflict in the Middle East, stemming from recent geopolitical events. They claim to have interacted directly with threat actors from hacktivist groups in order to understand more deeply the attackers' motivations and their upcoming targets.

CYFIRMA's research is quite structured. It uses the External Threat Landscape Management (ETLM) approach, a paradigm for handling cyber-security threats. ETLM represents a proactive, adaptive, forward-thinking methodology, designed specifically to address the complexity of today's threat landscape. Using ETLM, CYFIRMA organised its research as follows:

  1. Introduction
  2. Timeline
  3. Discussion with the Neutral Side
  4. Discussion with the Pro-Palestinian Side
  5. Discussion with the Pro-Israeli Side
  6. ETLM Assessment
  7. Threat Actors
  8. Conclusion
  9. Recommendations

Introduction

As cyber conflict has evolved, the concept of “Hybrid Warfare” has emerged, blending kinetic and non-kinetic (i.e. cyber) operations on the modern battlefield. While cyber operations have traditionally been non-kinetic, a paradigm shift is beginning here, because cyber attacks on vital infrastructure, such as power plants, have the potential to produce real kinetic outcomes, disrupt local operations, and cause widespread chaos and damage that can trigger a crisis. This type of event is reflected in Russia's invasion of Ukraine via the Viasat node, through a DDoS attack initiated by the GRU (Russian intelligence). By the same measure, the war between Israel and Palestine also counts as modern warfare under the “Hybrid Warfare” concept: with more and more non-state actors involved in attack operations, we are witnessing a similar pattern in the ongoing conflict between Israel and Palestine.

Timeline

6 October 2023: Cyber Av3ngers, a hacktivist group, claimed responsibility for hacking Noga Independent Systems Operator and launching a Distributed Denial of Service (DDoS) attack. This event marked the start of cyber activity related to the ongoing conflict.

7 October 2023: Within an hour of the Al-Aqsa Flood (Taufan Al-Aqsha) attack, in which more than 5000 missiles were launched at Israel, the hacktivist group Anonymous Sudan (suspected to originate from Russia) launched DDoS attacks on all the alert applications used to notify citizens of incoming rockets.

8 October 2023: The official website of the Israeli government became inaccessible worldwide, and the Russian hacker group ‘Killnet’ claimed responsibility for the attack. They accused the Israeli government of supporting the “terrorist regime” in Ukraine and announced that they would target Israeli government systems.

Anonymous Sudan attacked The Jerusalem Post website, making it inaccessible for more than 2 days. The threat actor Ares Leaks announced that they were willing to buy data related to the Hamas military group. In addition, Cyber Av3ngers claimed responsibility for hacking the DORAD power plant, and ThreatSec claimed to have hacked and disabled Alfanet, the largest internet service provider in Palestine.

9 October 2023: The hacktivist group AnonGhost successfully hacked the Israeli alert application and sent threatening notifications by exploiting an API vulnerability in the application. On the other side, the cyber branch of the Israeli Police's Lahav 433 unit, with help from Binance, froze cryptocurrency accounts owned by Hamas.

10 October 2023: A threat actor known as “blackfield” announced on a Russian-language forum that they held data belonging to hundreds of IDF soldiers and Shabak members, including phone numbers, photos, and personal information. They may use this data for more targeted attacks and disinformation campaigns. Blackfield also hinted that they plan to target the United States in the near future.

Various pro-Israeli and pro-Palestinian hacker groups engaged in cyber activity, taking down websites and targeting infrastructure. Cyber Av3ngers claimed to have CCTV access to Mekorot, Israel's national water company, adding to the list of attacks on industrial control systems.

11 October to 13 October 2023: Individuals from various hacktivist groups searched stealer logs that had been added to a central public search repository, trying to find valid credentials to break into their targets of interest. The hacktivists were interested in servers belonging to:

  • The Federal Emergency Management Agency (FEMA),
  • The Ministry of Health of Kenya,
  • Texas Attorney General,
  • The Ministry of Education of Israel,
  • Prime Minister’s Office,
  • Republic of Iraq,
  • Alayen Iraqi University,
  • Middle Technical University in Iraq,
  • Journal of Petroleum Research and Studies (Iraq),
  • Bayan University (Iraq).

14 October 2023: Cyber Av3ngers announced that they had successfully hacked ORPAK, a company that provides payment and management solutions for fuel, retail, and fleet businesses in Israel. This was followed by them uploading CCTV footage and data from several fuel stations, as well as screenshots of an internal panel using SiteOmat.

15 October 2023: The hacktivist group AnonGhost Indonesia claimed to have leaked the database of a dating and consolidation project for Israel's LGBTQ community, “The Gaydar”, on Pastebin.

16 October 2023: Amid other attacks, the Israeli news websites “All Israel News” and “Abu Ali Express” became targets of the hacktivist “YourAnon T13x”. “All Israel News” took preventive action that initially caused the hacktivist group's web requests to be blocked; however, the threat actors were able to launch another DDoS attack against the website.

17 October 2023: The hacktivist group AnonGhost published a list of Israeli targets vulnerable to CVE-2023-29489 along with its exploit. This vulnerability affects the cPanel application commonly hosted on websites. It is a cross-site scripting vulnerability that an attacker can exploit without authentication.

TL;DR: CYFIRMA's Direct Interaction with the Neutral, Pro-Palestinian and Pro-Israeli Sides

This section presents the results of CYFIRMA's direct interaction with non-state actors from the neutral, pro-Palestinian and pro-Israeli sides.

WE SPOKE WITH A THREAT ACTOR WHO HAS TAKEN A NEUTRAL STANCE IN THE ONGOING WAR.

In September 2022, Spid3r and the Kromsec group emerged as significant threats to Iran, both in the digital and real world. They initiated a cyber offensive as part of Anonymous’s #OpIran campaign, responding to the tragic death of Mahsa Amini, which has placed considerable pressure on the Tehran regime. Spid3r, who was previously involved in #OpRussia and contributed to the disruption of critical Russian targets, shared insights on the ongoing war. As stated by Spid3r in previous conversations, “Turning off unimportant targets for 5 minutes doesn’t work at all — But DDoS can be effective if you lock a specific target for a long time. For example, let’s say that the money transfer system of a country’s central bank does not work for 6 hours. Loss is unpredictable”.

(CYFIRMA): Can you please introduce yourself and describe your group’s political stance?
Spid3r (KromSec): Certainly. We are KromSec, a collective of hacktivists. Our primary goal is to respond to global events and issues through hacktivism. We operate from a democratic standpoint, firmly against censorship, corruption, human rights violations, and various modern-day problems. Our group comprises not only hackers but also activists, writers, and journalists. However, the individuals taking responsibility for our actions are mostly hacktivist hackers with a background linked to Anonymous.

We were notably involved in Anonymous’ OpRussia, and later, we initiated OpIran. Our activities have targeted various entities, including universities, ministries, national assemblies, and government systems.

After the protests in France, we hacked the French Ministry of Justice and disclosed information about hundreds of judges. Unfortunately, our Twitter account and Telegram channel were suspended due to the French Government’s intervention.

You can expect to see more data related to the French Ministry and an important government system on our channel soon. I hope that gives you a good overview. Feel free to ask further questions.

CYFIRMA: Can you confirm your group’s involvement in the recent cyber-attacks on the Palestinian Ministry of Foreign Affairs?
Spid3r (KromSec): Yes, it is true that we gained access to their systems. However, we want to clarify that our intentions are not malicious. We believe that wars are tragic and should not be supported by any side.

CYFIRMA: What do you plan to do with the data you obtained from the Palestinian Ministry of Foreign Affairs?
Spid3r (KromSec): Our intention is to reveal any hidden information when we deem it necessary.

CYFIRMA: Are you acting independently, or are you affiliated with a specific organization or group?
Spid3r (KromSec): We operate independently.

CYFIRMA: Do you believe that cyber-attacks will extend beyond the Middle East? There has been significant attention to this issue.
Spid3r (KromSec): In today’s world, technology connects everything, including people. Cyber actions can have a far-reaching impact, and we should consider their potential consequences.

CYFIRMA: Given the recent Hamas/Israel confrontation, have you heard of any major actions on the horizon?
Spid3r (KromSec): The media attention on unnecessary DDoS attacks makes us question their significance. We are monitoring an Israeli group closely, and they have targeted various .edu.ps websites. Pro-Palestinian Arab groups tend to focus on DDoS attacks on vulnerable systems or exploit WordPress vulnerabilities or compromised admin accounts. We respect genuine hacks, but DDoS attacks on insignificant sites for bragging rights are questionable.

CYFIRMA: How does your group view the ongoing conflict between Palestinian militant groups and Israel?
Spid3r (KromSec): We believe that the Israeli intelligence services are aware of such attacks, and it’s thought-provoking that they coincide with a time when Netanyahu lost support from his own people.

CYFIRMA: Do you have a longer-term strategy?
Spid3r (KromSec): It’s too early to discuss long-term strategies. The future is uncertain, and events can change rapidly.

CYFIRMA: What specific targets have you focused on in your cyber-attacks?
Spid3r (KromSec): We always act with consideration for potential consequences on civilians and critical infrastructure. We don’t aim to harm the public.

CYFIRMA: Are there specific demands or conditions your group aims to convey through these cyber-attacks?
Spid3r (KromSec): We usually communicate our intentions through attack messages or by contacting the affected system.

CYFIRMA: How do you see your cyber actions fitting into the overall strategy of your organization or group in this conflict?
Spid3r (KromSec): Our primary focus is on positive intentions. We targeted two universities, which are prominent in their country and have students who oppose the current regime. Our goal was to establish a constructive dialogue to prevent the potential misuse of information by others. Unfortunately, the situation didn’t unfold as we had hoped.

CYFIRMA: Would your group consider engaging in dialogue or negotiations with relevant parties in the Israel/Hamas conflict to address your concerns without resorting to cyber-attacks?
Spid3r (KromSec): I don’t anticipate such an offer. As for the pro-Israeli group we are monitoring, we are open to dialogue.

CYFIRMA: Please share your thoughts on the Hamas/Israel conflict and how you think things will unfold, both on the ground and in cyberspace.
Spid3r (KromSec): The ongoing conflict raises many questions. Is Hamas doing more harm to Israel or to their own people? The actions taken by Hamas, such as dismantling pipes from international organizations for infrastructure and repurposing them for missiles, are concerning. What Hamas is doing is unacceptable, and all Palestinians suffer as a result. However, this doesn’t justify Israel’s use of phosphorus gas. The lack of international response is baffling.
The situation is shrouded in uncertainty. We are closely watching the Middle East, where complex political games are played behind closed doors. True peace in this region will only be possible when both Israeli and Palestinian children can sleep without fear. We believe that diplomacy, rather than escalating tensions through attacks, is the key to a resolution.

CYFIRMA: You mentioned that your group has some background with Anonymous. Would you like to share a little about your technical capabilities?
Spid3r (KromSec): While I prefer not to boast about my technical skills, I can confirm that I am not new to the realm of cybersecurity. Anonymous has provided us with valuable knowledge and resources.

CYFIRMA: Is there a specific reason you don’t want to discuss your skills in detail?
Spid3r (KromSec): I believe that actions speak louder than words, and I prefer to let our activities demonstrate our skills.

A FEW MONTHS AGO, WE SPOKE WITH A THREAT ACTOR WHO IS SUPPORTING GAZA IN THE ONGOING WAR

The conversation below is an excerpt from that interview.
Note: The responses have been slightly modified to improve readability as English is not their native language

CYFIRMA: We appreciate you taking the time to speak with us. Can you begin by telling us more about your group, DeltaBoys, and your role within it?
DeltaBoys: We are a group with a long history, and I’m referred to as “anony.” We’ve had different names in the past, but our recent one is DeltaBoys. We’ve been involved in various activities, including penetrating government organizations and exposing their information.

CYFIRMA: What prompted you to communicate with the media directly?
DeltaBoys: We are regular people who are interested in communication, and we decided to engage with the media.

CYFIRMA: To introduce you properly, how would you describe your group’s activities? Are you primarily access brokers or involved in other aspects of cyber operations?
DeltaBoys: Our activities were initially in the underground, but about a year ago, we rebranded as DeltaBoys. We focus on infiltrating government organizations and disclosing their information.

CYFIRMA: What is your group’s technical specialty or passion?
DeltaBoys: For nearly 20 years, we have specialized in penetration and vulnerability detection.

CYFIRMA: Could you share the origins of your group and what motivates your activities?
DeltaBoys: Initially, our focus was on exposing corrupt governments, governmental crimes, and corruption. We were driven by a desire to hold such entities accountable and make people happier through our actions.

CYFIRMA: Have you collaborated with other groups or formed any affiliations?
DeltaBoys: Yes, we have worked with many groups, although our group’s rules often didn’t align with those of other groups. Unfortunately, most well-known groups have affiliations with security organizations, and it’s interesting to note that many hacker groups have been victims of our actions, resulting in us obtaining and publishing information about them.

CYFIRMA: Can you tell us about your targets, particularly those related to Israeli infrastructure, and the ideological reasons behind your attacks?
DeltaBoys: The Israeli government has a history of what we view as wrongdoing and violence worldwide. Hacking and disclosing their information are a way for us to express our opposition to their actions. We have targeted many cyber groups from Israel, identifying their information and operational weaknesses. Their primary goal often revolves around financial control.

CYFIRMA: We’ve noticed an increase in web defacement attacks. Can you explain this and whether it’s due to a growth in your group or an increase in sophistication?
DeltaBoys: We are a small but secretive group. Some of our intrusions occur after thorough information checks on organizations, while others involve sensitive information and documents. The public hacks typically relate to our older targets.

CYFIRMA: How do you select your targets, and what vulnerabilities or criteria attract your attention?
DeltaBoys: We have a vulnerability testing lab and identify the latest vulnerabilities. We also gather information on government targets through our members and by assessing the level of corruption. Occasionally, we hack ordinary people for fun, particularly if they are involved in fraud and corruption.

CYFIRMA: Can you share some insights into your tactics and techniques that set you apart from other threat actor groups?
DeltaBoys: Unfortunately, we cannot disclose our work method, but we achieve significant results by leveraging zero-day vulnerabilities and exploiting human error. A single human error in a security organization, for instance, can provide us with access to the entire organization, including emails, passwords, VPNs, files, virtual networks, and social networks.

CYFIRMA: Let’s discuss the financial aspect. How do you monetize your operations, and what brings in the most income for your group?
DeltaBoys: We primarily make money through the sale of data and government and financial access, generating approximately $40,000 per month. This income supports our operations, but it’s important to distinguish between hackers and financial fraudsters who steal from ordinary people’s databases. We are not thieves.

CYFIRMA: What are your near-term and long-term ambitions as a group?
DeltaBoys: Our goal is to create a powerful group that transcends sect, religion, and racism. We aim to fight against corrupt politics, racism, and corruption while defending human rights. We believe that all human beings have equal rights, and we strive to uphold them.

WE SPOKE WITH A THREAT ACTOR WHO IS SUPPORTING ISRAEL IN THE ONGOING WAR

(CYFIRMA): Can you please introduce yourself? How would you describe yourself in terms of political stance?
fqw (Owner of GlorySec): My handle is fqw, I am the owner of GlorySec, and I would also like to state before we get started that most, if not all hacktivist groups have no idea about the current geopolitics other than what they hear from the media/press. We aren’t black hats like GhostSec or SiegedSec; we actually stand up for what’s right, we attack everybody with a particular reason.

CYFIRMA: Are you acting independently, or are you affiliated with a specific organization or group?
fqw: GlorySec is a subgroup of a particular darknet cult that we can’t go into any further detail about. However, yes — GlorySec is affiliated with another group.

CYFIRMA: Ok, thanks. Can you confirm your involvement in the recent cyber-attacks on the Palestinian territory?
fqw: We are currently prioritizing our involvement within the Israel-Palestine conflict, but we can’t go into operational details.

CYFIRMA: How does your group view the ongoing conflict between Palestinian militant groups and Israel?
fqw: GlorySec members have left, and the owner has left as well to start a new operation. We have an entirely new team with the same political agenda. We will be more radical towards terrorists and extremists and those who threaten humanity without justification. We support Israel in the Israeli-Palestinian conflict and Azerbaijan in the Azerbaijan-Armenia war. We have worked on #OPArmenia and #OPPalestine and taken over websites. We have attacked educational institutions in response to attacks on the innocent.

CYFIRMA: So far, we have seen several cyber groups becoming involved in the recent Hamas/Israel confrontation. Are you aware of any major actions that may take place?
fqw: We feel that both countries will be severely attacked, but we can’t provide operational details or those of our affiliates.

CYFIRMA: I understand you can’t go into too much operational detail about what you are planning, but can you give us an idea of your group’s capabilities or what you have previously done?
fqw: Our new team is very advanced, with skills ranging from reverse engineering to network penetration. However, we primarily focus on web penetration testing.

CYFIRMA: Is what you are planning solely a response to recent events in the Gaza Strip, or does it represent a longer-term strategy?
fqw: It’s most likely a longer-term strategy, but our first motivation was the Gaza Strip attacks.

CYFIRMA: Do you think cyber-attacks will extend beyond the Middle East?
fqw: It depends on the group and the country.

CYFIRMA: Have you considered the potential consequences of your actions on civilians or critical infrastructure in the affected regions?
fqw: Yes, we have, but we always have a purpose, so we don’t take it into critical consideration.

CYFIRMA: Are there any specific demands or conditions that your group is trying to convey through these cyber-attacks?
fqw: It depends on the issue. For example, in the Palestine situation, we are trying to push Palestine out of Israel, although they likely won’t listen. Many hacktivist groups are attacking both sides.

CYFIRMA: How do you anticipate what you are planning will affect the situation on the ground or the broader conflict? How impactful is it going to be? We’ve heard some industrial control systems being attacked; is it in that vein?
fqw: GlorySec isn’t like other hacktivist groups that claim they are grey hats, but they are actually black hats. We always have a purpose when we hack, and we do it to push a cause. Our actions will likely impact Palestine financially, making them realize they need to back out. There have been some attacks on industrial control systems.

CYFIRMA: What are your views on Iran, who are widely known to fund Hamas? Isn’t that an attractive target?
fqw: We have looked into Iran, and that is our next operation after Palestine. We also have a few people already working on Iran, but it’s mainly focused on Palestine.

CYFIRMA: Before we wrap up, could you give us an idea of the background of your group? What makes you all so motivated?
fqw: GlorySec is made up of average citizens, such as cashiers or lawn mowers, everyday people like you. Our motivation comes from tragedies and events caused by companies and countries, like the wrongful invasion of Palestine. We are fighting for justice.

CYFIRMA: Thanks for chatting. If you want to say anything else, always feel free to reach out!

CYFIRMA's direct interactions provide comprehensive and detailed insight into the views and activities of three threat actors involved in the ongoing conflict in the Middle East, with a particular focus on the Israel-Palestine conflict. Using direct interviews with these individuals, who represent hacktivist groups, adds a unique dimension to understanding their motivations, strategies, and intentions. It effectively introduces the context by highlighting the emergence of threat actors such as Spid3r and KromSec, their involvement in Anonymous campaigns, and their motivations tied to global events. It also succeeds in capturing the multi-layered nature of cyber threat actors in the Middle East conflict, presenting a diverse range of perspectives.

As discussed at the start, from the results of its interactions CYFIRMA then carried out the ETLM assessment process, ultimately producing conclusions and recommendations that help us understand and manage the risks and learn the types of attacks. The review continues below:

ETLM Assessment

Adversaries

Cyber criminals, hacktivists, APTs

Infrastructure

Private botnets, bulletproof VPS, booters/stressers, compromised RDP/VNC

Targets/Victims

Pro-Gaza hacktivists collectively target countries such as India, Egypt, Kenya, France, Germany, Italy, the United Kingdom, and the United States (in addition to Israel). On the other side, pro-Israeli hacktivists target Iran, Iraq, Saudi Arabia, Lebanon, and Qatar (in addition to Palestine and Gaza).

Capabilities

Most of these groups are disorganised and look for ways to spread their propaganda using DDoS attacks and defacement. However, there are some groups on both sides that can launch more sophisticated attacks.

Throughout this period, CYFIRMA has observed an increasing number of cyber-criminal groups entering the conflict, targeting infrastructure on both sides.

  • 23 groups: Pro-Israel
  • 103 groups: Pro-Palestine
  • 4 groups: Neutral

Note: This information may change due to the dynamic nature of events.

THREAT ACTORS

Pro-Israel Hacktivists/Groups

  • Anonymiss
  • Anonymous India
  • Anonymous Israel
  • AresLeaks
  • Arvin
  • Cyber Club (Support)
  • Dark Cyber Worrior
  • Garuna Ops
  • Gaza parking lot crew
  • GlorySec
  • GonjeshkeDarande
  • ICD- Israel Cyber Defense
  • Indian Cyber Force
  • Indian Darknet Association
  • IT ARMY of Ukraine
  • Kerala Cyber Thunders
  • Kerala Cyber Xtractors
  • Silencers_of_evil
  • SilentOne
  • Team NWH Security
  • TeamHDP
  • Termux Israel
  • UCC Team

Pro-Gaza Hacktivists/groups

  • 4 Exploitation
  • 1915 Team
  • ./CsCrew
  • ./Tea Party
  • Aceh About Hacked World
  • AnoaGhost
  • AnonHamz
  • AnonT13x Group
  • Anonymous 070
  • Anonymous Indonesia
  • Anonymous Morocco
  • Anonymous Russia
  • Anonymous Sudan
  • Arab Anonymous Team
  • ASKAR DDOS
  • Awham
  • Bandung Cyber Team
  • Bangladesh Civilian Force
  • Black Security Team
  • Blackshieldcrew MY
  • Boom Security
  • Cubjrnet7
  • Cscrew
  • Cyb3r Dragonz Team
  • Cyber Error Team
  • Cyb3r Gang
  • Cyber Sederhana Team
  • CyberActivism
  • Dark Storm Team
  • DumpDataBase
  • Dragonforce Malaysia
  • Eagle Cyber Crew
  • Electronic Tigers Unit
  • End Sodama
  • Esteem Restoration Eagle
  • F7 Xpl0it3r
  • Fr3dens of Security
  • Ganosec team
  • Garnesia Team
  • Gb Anon 17
  • Ghost Clan Malaysia
  • GhostClan
  • Ghost Hunter Illusion
  • GhostSec
  • Hacktivism Indonesia
  • Hizbullah Cyb3r Team
  • IndoGhostSec
  • Islamic Cyber team | Indonesia
  • islamic hacker army
  • Jateng Cyber Team
  • JATIM RedStorm Xploit
  • KEP TEAM
  • khalifah cybercrew
  • Khan cyber Army
  • KillNet
  • Kingman world official
  • Kuningan Exploiter
  • LGH
  • Malaysia cyber defacer
  • MeshSec
  • Milad Hacking
  • M.H.T
  • Moroccan Black Cyber Army
  • Moroccan Defenders Group
  • MrWanz
  • Muslim Cyber Army
  • Mysterious Team Bangladesh
  • xNot_RespondinGx
  • Pakistan Cyber Hunter
  • Pakistani Leet Hackers
  • Panoc team
  • Royal Battler BD
  • Russian tools
  • Siber Team
  • Siegedsec
  • Skynet
  • StarsX Team
  • Storm-1133
  • Stucx Team
  • Sukowono Blackhat Team
  • Sylhet Gang-SG
  • Synix CyberCrimeMY
  • Systemadminbd Official (BCF)
  • Team Anon Force
  • Team Azrael Angel of Death
  • Team Herox
  • The key40
  • Team R70
  • Team R
  • Team_insane_Pakistan
  • Teng Korak Cyber Crew
  • The Ghost Squad
  • The White Crew
  • Toyonzade
  • Turk Hack Team
  • TYG Team
  • UserSec
  • VulzSec
  • WeedSec
  • x7root
  • Yemen Legions Team
  • YourAnon T13x

Groups targeting countries that support Israel

  • Anonghost
  • Cyber Av3ngers
  • Deltaboys
  • GhostSec
  • Ghosts of Palestine
  • Killnet
  • Storm-1133

Neutral Groups

  • Cyber Army Of Russia
  • DUNIA MAYA TEAM
  • KromSec
  • ThreatSec

APT (Advanced Persistent Threat)

Given the way APTs usually operate, CYFIRMA has not observed any confirmed activity to date. However, it is very likely that these hackers will try to exploit the situation to launch more sophisticated attacks than we have seen so far from other groups. Below is a list of groups with a history of targeting Israel:

  • DEV-0270
  • Arid Viper, APT-C-23
  • POLONIUM
  • DEV-0133
  • DEV-0227
  • DEV-0343
  • Storm-1084
  • RUBIDIUM
  • APT32
  • APT33
  • APT34
  • APT35
  • APT39
  • Moses Staff

Conclusion

Since Operation Al-Aqsa Flood (Taufan Al-Aqsha), CISA has been “communicating very closely” with the Israeli National Cyber Directorate to share intelligence. US President Joe Biden is scheduled to travel to Israel, followed by Jordan, where he will engage with Israeli and Arab leaders. On the other side, Iran's Foreign Minister, Abdollahian, has issued a warning that Iran and its allies may take “preemptive action” in the near future in response to Israel's attacks on Gaza. The Israel-Palestine conflict has seen a significant escalation in cyber attacks by hacktivist groups and threat actors from various regions, targeting government websites, the education and media sectors, billboards, power plants, alert systems, and even sensitive military information. The involvement of these cyber actors adds a new dimension to the ongoing conflict, highlighting how vulnerable nations are to cyber attacks in situations of high tension. As the situation unfolds, it is becoming clear that cyber security will play a critical role in this complex and protracted conflict. The ongoing war has claimed many innocent lives on both sides.

RECOMMENDATIONS

Tactical Recommendations

  1. Strengthen DDoS Mitigation: Given the prevalence of DDoS attacks in this cyber conflict, organisations and governments should invest in robust DDoS mitigation technologies and strategies. Real-time traffic analysis and traffic filtering can help minimise service disruption.
  2. Routine Vulnerability Scanning: Continuous vulnerability scanning of critical infrastructure is essential. Identify and address vulnerabilities quickly to reduce the risk of exploitation by hacktivist groups.
  3. Multi-Factor Authentication (MFA): Implement MFA for all privileged accounts and critical systems, including RDP and VNC. This adds a layer of protection against unauthorised access.
  4. Incident Response Planning: Develop and regularly update incident response plans. Ensure security teams are ready to respond to cyber incidents quickly and effectively.
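The first tactical recommendation, real-time traffic analysis, can be illustrated with a small sliding-window rate detector run over web-server access log lines. This is an added example and not code from the article or from CYFIRMA; the log lines, IP addresses, window and threshold are all constructed for illustration, and `flag_sources` is a name chosen here.

```python
"""Sliding-window request-rate detector over Common Log Format lines.

Added example (not from the CYFIRMA report or the article). It reports
sources whose request count inside any short window reaches a threshold,
as candidates for traffic filtering. All sample data is constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common Log Format prefix: client IP, ident, user, [timestamp].
_LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')
_TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (source_ip, datetime) for a CLF line, or None if it does not parse."""
    m = _LINE_RE.match(line)
    if not m:
        return None
    try:
        return m.group(1), datetime.strptime(m.group(2), _TS_FMT)
    except ValueError:
        return None


def peak_rates(lines, window_seconds):
    """Peak number of requests each source made inside any sliding window."""
    window = timedelta(seconds=window_seconds)
    events = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:                      # malformed lines are skipped, not fatal
            ip, ts = parsed
            events[ip].append(ts)
    peaks = {}
    for ip, stamps in events.items():
        stamps.sort()                   # logs are normally chronological; be safe
        recent = deque()
        peak = 0
        for ts in stamps:
            recent.append(ts)
            while ts - recent[0] > window:   # drop requests older than the window
                recent.popleft()
            peak = max(peak, len(recent))
        peaks[ip] = peak
    return peaks


def flag_sources(lines, window_seconds=5, threshold=10):
    """Sources whose peak in-window count reaches the threshold, busiest first."""
    peaks = peak_rates(lines, window_seconds)
    flagged = [(ip, n) for ip, n in peaks.items() if n >= threshold]
    return sorted(flagged, key=lambda t: (-t[1], t[0]))


# Constructed sample: one source bursting 12 requests in 3 seconds (a
# booter-style flood in miniature), one source at a normal browsing pace,
# and one malformed line that the parser must skip.
SAMPLE_LINES = [
    f'203.0.113.7 - - [08/Oct/2023:10:00:0{s} +0000] "GET /alerts HTTP/1.1" 200 512'
    for s in (0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2)
] + [
    '198.51.100.5 - - [08/Oct/2023:10:00:00 +0000] "GET / HTTP/1.1" 200 1024',
    '198.51.100.5 - - [08/Oct/2023:10:00:20 +0000] "GET /news HTTP/1.1" 200 2048',
    '198.51.100.5 - - [08/Oct/2023:10:00:40 +0000] "GET /about HTTP/1.1" 200 800',
    'garbage line without a timestamp',
]

if __name__ == "__main__":
    for ip, n in flag_sources(SAMPLE_LINES):
        print(f"candidate for filtering: {ip} ({n} requests within 5 s)")
```

In production the same logic would run on a live log tail, and a single-source threshold only catches unsophisticated floods; distributed attacks need aggregate rate and upstream scrubbing as the recommendation says.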

Strategic Recommendations

  1. Threat Intelligence Sharing: Encourage regional and international threat-intelligence sharing to raise awareness of ongoing threats. Collaborative efforts can help predict and counter attacks more effectively.
  2. Diplomatic Engagement: Governments should engage in diplomatic discussions to reduce geopolitical tensions. Reducing the motivation for hacktivist activity at its source can be an effective long-term strategy.
  3. Public Awareness Campaigns: Launch public awareness campaigns to educate citizens about cyber threats, including phishing and disinformation. An informed public is less susceptible to hacktivist propaganda.
  4. International Norms and Agreements: Advocate for international agreements and norms on cyber warfare. Establishing clear rules in the cyber domain can deter hacktivist groups.

Management Recommendations

  1. Cyber-Security Training: Invest in training and awareness programmes for employees and government officials. An informed workforce is a critical defence against social-engineering attacks.
  2. Resource Allocation: Allocate resources to improve the security of critical infrastructure. Ensure budget support is provided for cyber-security measures that protect essential services.
  3. Regular Drills and Exercises: Conduct regular cyber-security exercises to test incident response plans and identify areas for improvement.
  4. Collaborative Partnerships: Facilitate partnerships with cyber-security companies and organisations that can provide threat intelligence, incident response support, and security expertise.
