Cyberattack activity in the Israel-Hamas war has shown a decided lack of sophistication, and researchers warn that nation-state attackers are more involved than originally thought.
That's in stark contrast to state-sponsored advanced persistent threat attacks, which have the potential to disrupt economies, compromise national security, and manipulate geopolitical dynamics.
The Hacktivist Element
After the Oct. 7 attacks, hacktivist groups declared their intentions to launch disruptive attacks against Israel, Palestine, and their supporters.
Hacktivists typically do not have a large arsenal of advanced tactics and are more reliant on small-scale efforts, typically employing disruptive distributed denial-of-service attacks to promote a political agenda or idea.
According to Microsoft's Threat Intelligence Center, APT activity related to the conflict is likely to increase, and organizations need to be prepared.
Hacktivists in the Hands of Nations
As the conflict enters its third month, political and technology observers are wondering if this is the stage where nation-state actors take a more central role in the conflict.
Adam Meyers, senior vice president of intelligence at CrowdStrike, says nation-state actors are already involved.
He points to successful attacks - including one on a water treatment plant - as evidence that actions initially linked to a hacktivist group are those of a nation-state.
Technology from an Israeli-owned company was used at the water treatment plant, which was attacked by the Cyber Avengers group, an Iranian threat actor.
Faketivist groups are created by nation-state actors for deniability, Meyers says, with these fake actors able to conduct intrusions and disruptions, but without any direct attribution to the nation-state.
Meyers points out how an attack on a New York dam that came to light in 2015 highlights a persistent focus on industrial control security.
Other researchers agree with the faketivist concept.
Nation-states may be conducting two types of attack: one that uses faketivist groups to conduct attacks and another for espionage, while avoiding attribution in both.
Read says cyber espionage has been primarily conducted to gain insight into decision-making and help the sponsoring governments make decisions - presumably as to who and where they attack next.
This Cyber News was published on www.darkreading.com. Publication date: Tue, 12 Dec 2023 20:35:17 +0000