December 2, 2023

Researchers have found possible signs of cooperation between the Palestinian militant group Hamas and one of the longest-running groups of Arabic-speaking hackers.

According to a report published Thursday by researchers at Recorded Future, Hamas has allegedly turned to operators outside Gaza and “third parties” to keep a news website linked to its military wing, Al-Qassam Brigades, online during the war with Israel.

Several days after Hamas’ first major attack on Israel, a Telegram channel used by Hamas members and supporters announced the launch of an app linked to Al-Qassam Brigades.

The app was launched to get Hamas’ message out, the researchers said. Recorded Future News is an editorially independent unit of Recorded Future.

Running a website or an app in Gaza is difficult: Israeli airstrikes damaged its internet infrastructure and caused power outages. The region is also under constant attack from politically motivated hackers who aim to disrupt its critical services and websites, the researchers said. Some providers have likely declined to host websites associated with Hamas.

Hamas is believed to be working around the issue by sharing its infrastructure with those who can help keep it running. Following the major attack on Israel, the operators of the Al-Qassam Brigades website kept it online by moving it between several different infrastructure providers.

The researchers analyzed this infrastructure and found suspicious redirects to the Al-Qassam Brigades website and identical Google Analytics code associated with the website domain and about 90 other domains.

The researchers were able to identify the alleged operators of two clusters of these domains.

The first cluster used registration tactics similar to those of a hacker group called TAG-63, which is also tracked as AridViper and APT-C-23. It is a state-sponsored cyber espionage group known for targeting Arabic-speaking individuals in the Middle East. The group is believed to operate on behalf of Hamas.

The second group of domains was suspected to be linked to Iran. It featured several subdomains with names containing references to Iran, including Farsi words like “director” and “comrade.”

One Iran-linked page was also used to impersonate the World Organisation Against Torture (OMCT). The researchers couldn't confirm whether this website had been used by hackers for phishing or social engineering attacks.

Iran maintains close ties with Hamas, and the Iranian Quds Force, a unit specializing in unconventional warfare and military intelligence, is the only confirmed entity from Iran known to provide cyber assistance to Hamas and other Palestinian threat groups, according to Recorded Future research.

Although there is not a lot of evidence of cooperation between both sides, this report offers a glimpse into how these groups might help each other, according to the researchers.


Daryna Antoniuk is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.