Microsoft names Hamas-linked group targeting Israel


The Gaza-based cyber group, tracked by Microsoft as Storm-1133, targeted Israel’s infrastructure ahead of Hamas’ attack on the country.

Storm-1133 targeted Israeli private sector energy, defense, and telecommunications organizations in what Microsoft described as a “wave of activity” from the Palestinian threat actors in 2023.

“We assess this group works to further the interests of Hamas, a Sunni militant group that is the de facto governing authority in the Gaza Strip, as activity attributed to it has largely affected organizations perceived as hostile to Hamas,” Microsoft said.

ADVERTISEMENT

The company outlined the activities of the group in its newly released annual Digital Defense Report, which analyzes the global cyberthreat landscape and covers the period from July 2022 through June 2023.

Aside from Israeli organizations, the Hamas-linked group also targeted entities loyal to Fatah, the dominant Palestinian political faction in the West Bank. Fatah is at odds with the Gaza-based militants and was a target of Hamas cyberattacks in the past.

Microsoft said it observed Storm-1133 attempting to compromise third party organizations with public ties to Israeli targets of interest and demonstrated new techniques to evade detection.

“Throughout 2023, we observed Storm-1133 attempting to deliver backdoors, including a configuration that allows the group to dynamically update the C2 infrastructure hosted on Google Drive. This technique enables operators to stay a step ahead of certain static network-based defenses,” the report said.

The group also engaged in social engineering campaigns, sending tailored phishing messages on social media to targets of interest.

It used newly created LinkedIn profiles to masquerade as Israeli human resources managers, project coordinators, and software developers. According to Microsoft, this was done “to conduct reconnaissance, contact, and send malware to employees at Israeli defense, space, and technology organizations.”

Iran connection

Globally, only Ukraine and the US are targeted more than Israel, which accounted for 38% of the attack volume in the Middle East and North Africa region, according to Microsoft.

ADVERTISEMENT

“Israel remains by far the most-targeted country in the Middle East and North Africa region as a result of Iran’s extensive focus there,” the company said.

Iran, which backs Hamas and engages in anti-Israel activities, was behind increased cyber operations throughout the Middle East, Microsoft said, with Russia driving up attacks in Ukraine, and North Korea and China in South Korea and Taiwan.

“Iran’s cyber-enabled influence operations have pushed narratives that seek to bolster Palestinian resistance, sow panic among Israeli citizens, foment Shi’ite unrest in Gulf Arab countries, and counter the normalization of Arab-Israeli ties,” it said.

According to Microsoft, Iranian and North Korean state actors were increasingly sophisticated in their cyber operations and in some cases started to close the gap with Russia and China.

Iran was also increasingly coordinating its influence operations with Russia, the report said.

Killnet and Anonymous Sudan, both linked to the Russian state, were behind a series of cyberattacks that hit Israeli government and media websites after Hamas launched its attack.