Iran’s missile strikes against Israel bolstered by cyberattacks, multiple gangs involved


Prior to Iran’s missile attack on Israel, the pro-Iranian cyber gang named Handala claimed to have breached radar systems and sent 500,000 text messages to Israeli citizens. Iran-sponsored cyberattacks have significantly increased in recent weeks, with multiple hacker groups now also shifting their focus to Israeli targets.

Hackers, who have attacked the Israeli government and private institutions multiple times previously, posted screenshots of an allegedly breached RADA system.

“For the second time, we hacked your radar systems, but this time, it was with a difference! You only have a few hours to repair your radar systems! We started the game! We suggest you run away now...” the gang boasted on Telegram.

There were some inconsistencies with the screenshots provided, as the coordinates on the bottom did not match with the location in Israel and pointed to the La Sagrada Familia, a Gaudi-designed landmark church in Barcelona, Spain. Other coordinates in the screenshots seemed to be from Israel.

iran-gang-attack

In a separate announcement, the gang claimed that it sent more than 500,000 text messages and dumped 5.2TB of data from sensitive conversations after an alleged hack on digital services company 99 Digital.

“People will pay for the crimes and stupidity of your leaders. No doubt your leaders will regret these foolish adventures. Clear the cities, you might see less damage! Don't blink and don't sleep, the chance of escape is less than ten seconds, maybe your city will be chosen,” the translated SMS reads.

According to CyberKnow, a hacktivist tracker on X, it's unclear if this attack against military tactical radar systems had any success. Reducing radar visibility would be beneficial to any Iranian attack.

On Saturday, the Islamic Revolutionary Guard Corps (IRGC) also claimed to have attacked Israeli websites, urging residents to stockpile items and “prepare for war.” the Iran-backed gang “Cyber Avengers” may have been involved in the attacks, which caused power outages in several cities, the Express reported.

During the unprecedented attack late Saturday, Israel, with its allies, managed to intercept “99%” of approximately 350 Iranian missiles and drones. According to ABC News, five missiles struck Israel’s Nevatim Airbase, damaging the main runaway, a C-130 transport aircraft, and several storage facilities.

Gangs diverting attention

According to Israeli officials, the country has seen the number of cyberattacks against it tripling in the past few weeks.

Israel’s Cyber defense chief, Gaby Portnoy, also said that Iranian-linked hacker groups conduct cyberattacks from a disguised IT company in Tehran.

“The attack intensity is higher than ever before with Iranian and Hezbollah groups cooperating to attack Israel in every sector,” he said.

A Check Point report estimates that the Revolutionary Guard and the Iranian Ministry of Intelligence (MOIS) carried out more than 2,000 attacks each in the first week of April. They together operate more than 10 different attack groups, and their malicious activity against Israel has more than doubled.

“Israel is attacked 30% more than anywhere else in the world,” said Gil Messing, chief of staff and head of global corporate communications at Check Point.

A cybertracker from CyberKnow reveals that 65 groups were involved in the campaign against Israel from the 1st to the 8th of April 2024, carrying out DDoS, defacement, and other types of attacks. And there were likely additional groups that did not use the OpIsrael hashtag.

“Expect the groups listed in this cybertracker and possibly others to refocus their efforts on Israel. Already seeing mass declarations – they will try to add to the chaos,” CyberKnow said.

Among the recent victims in Israel were the Golan Regional Council, Levinsky College, and the Israeli Study Center. Hackers managed to use compromised servers to send malicious emails to Israeli media and other organizations.

In March, the hacktivist group ‘Anonymous’ claimed a breach of Israel’s nuclear facility networks in Dimona as a protest against the war on Gaza. Handala claimed to have breached the Viber instant messaging server.