Israel Gaza Conflict The Cyber Perspective

Various hacktivist groups carried out DDoS attacks, data breaches, and website defacements targeting organizations in Israel and Palestine. The cyber conflict also spread to impact other countries. A timeline of specific cyberattacks between October 6-10 is provided.

Attacks included DDoS attacks against alert systems notifying citizens of missile attacks, attacks against government websites, hacking of a power plant, and shutting down Palestine's largest ISP. Hacktivist groups from Sudan, Russia, and Iran claimed responsibility for some of the attacks.

Recommendations include enhancing DDoS mitigation, regular vulnerability scanning, implementing multi-factor authentication, improving incident response planning, providing cybersecurity training, allocating resources to critical infrastructure security, and conducting regular security drills and exercises.

ISRAEL GAZA CONFLICT
THE CYBER PERSPECTIVE

EXECUTIVE SUMMARY
Various hacktivist groups have targeted critical infrastructure, government agencies,
and organizations in both Israel and Palestine. The attacks include Distributed Denial of
Service (DDoS) attacks, defacement attacks and data breaches. As other countries
take a stand on the war, the conflict has also spread beyond the immediate region,
affecting several other countries. This report provides a concise overview of the
escalating cyber conflict in the Middle East, stemming from recent geopolitical events.
Notably, we engaged directly with threat actors from hacktivist groups to gain a
deeper understanding of their motivations and forthcoming targets.

INTRODUCTION
As cyber conflict advances, the concept of ‘hybrid warfare’ emerges, blending kinetic
and non-kinetic (i.e. digital) operations on the modern battlefield. While traditionally
cyber operations have been non-kinetic, a paradigm shift is looming, as cyber-attacks
on vital infrastructure - like power plants - have the potential to yield tangible, kinetic
outcomes that disrupt local operations, and can lead to extensive chaos and
collateral damage. This type of event has precedent: the Russian invasion of Ukraine
was preceded by a synchronized disruption of Viasat nodes by a GRU-initiated DDoS
attack, underlining the intertwined nature of modern warfare. With non-state actors
increasingly engaging in disruptive operations, we are observing a similar pattern in the
ongoing conflict between Israel and Gaza.
TIMELINE
October 6, 2023: Cyber Av3ngers, a hacktivist group, claims responsibility for hacking
the Noga Independent Systems Operator and launching Distributed Denial of Service
(DDoS) attacks. This event marks the beginning of cyber activity related to the
ongoing conflict.

October 7, 2023: Within an hour of the 5000+ missile attack on Israel by Hamas,
hacktivist group Anonymous Sudan (suspected to be of Russian origin) launched DDOS
attacks on all the alert applications used for notifying citizens about incoming rockets.

October 8, 2023: The Israeli government’s official website becomes unreachable
worldwide, and the Russian hacker group ‘Killnet’ claims responsibility for the attack.
They accuse the Israeli government of supporting the "terrorist regime" in Ukraine and
announce that they will target Israeli government systems.

Anonymous Sudan attacks The Jerusalem Post's website, causing it to go offline for
over 2 days. Threat actor Ares Leaks announces that they are willing to purchase data
related to the Hamas military group. Furthermore, Cyber Av3ngers claimed responsibility
for hacking into the DORAD power plant, and ThreatSec claimed to have breached and
shut down Alfanet, Palestine’s largest ISP.

October 9, 2023: Hacktivist group AnonGhost compromised Israel’s Alert App and sent
threatening notifications by exploiting an API vulnerability in the application.
Meanwhile, the cyber branch of the Israel Police’s Lahav 433 unit, with the help
of Binance, freezes cryptocurrency accounts belonging to Hamas.

October 10, 2023: A threat actor known as "blackfield" announces on a Russian-speaking
forum that they possess data belonging to hundreds of IDF soldiers and
Shabak members, including phone numbers, photos, and personal information. They
may use this data for further targeted attacks and disinformation campaigns.
Blackfield also hints at targeting the US in the near future.

Various pro-Israel and pro-Hamas hacker groups engage in cyber activities, shutting
down websites and targeting infrastructure. Cyber Av3ngers claims to have CCTV
access to Mekorot, the national water company of Israel, adding to the list of attacks
on industrial control systems.

October 11 – October 13, 2023: Individuals from various hacktivist groups are looking up
stealer logs added to a central public lookup repository, trying to find valid credentials
to compromise their targets of interest. Hacktivists are interested in servers belonging to:

• The Federal Emergency Management Agency (FEMA),
• The Ministry of Health of Kenya,
• Texas Attorney General,
• The Ministry of Education of Israel,
• Prime Minister's Office,
• Republic of Iraq,
• Alayen Iraqi University,
• Middle Technical University in Iraq,
• Journal of Petroleum Research and Studies (Iraq),
• Bayan University (Iraq).

And more.

October 14, 2023: Cyber Av3ngers announce that they have compromised ORPAK, a
company that provides payment and management solutions for fuel, retail and fleet
businesses in Israel. This was followed by them leaking CCTV footage and data from
multiple gas stations and screenshots of the internal panels using SiteOmat.

October 15, 2023: Hacktivist group AnonGhost Indonesia claims to leak the database of
a dating and consolidation project for the Israeli LGBTQ community - “The Gaydar” -
on Pastebin.

October 16, 2023: Amidst other attacks, Israeli news websites “All Israel News” and
“Abu Ali Express” were targeted by hacktivist “YourAnon T13x”. “All Israel News”
took countermeasures that resulted in the web requests from the hacktivist group
initially getting blocked; however, the threat actors were able to DDOS the
website again.

October 17, 2023: Hacktivist group AnonGhost dumped a list of Israeli targets
vulnerable to CVE-2023-29489 along with the exploit. The vulnerability affects the
cPanel application, which is commonly hosted on websites. It is a reflected cross-site
scripting vulnerability that an attacker could exploit without any authentication.

WE SPOKE WITH A THREAT ACTOR
WHO HAS TAKEN A NEUTRAL STANCE
IN THE ONGOING WAR.
In September 2022, Spid3r and the Kromsec group emerged as significant threats to
Iran, both in the digital and real world. They initiated a cyber offensive as part of
Anonymous's #OpIran campaign, responding to the tragic death of Mahsa Amini,
which has placed considerable pressure on the Tehran regime. Spid3r, who was
previously involved in #OpRussia and contributed to the disruption of critical Russian
targets, shared insights on the ongoing war. As stated by Spid3r in previous
conversations, “Turning off unimportant targets for 5 minutes doesn’t work at all – But
DDoS can be effective if you lock a specific target for a long time. For example, let’s
say that the money transfer system of a country’s central bank does not work for 6
hours. Loss is unpredictable”.

(CYFIRMA): Can you please introduce yourself and describe your group's political
stance?
Spid3r (KromSec): Certainly. We are KromSec, a collective of hacktivists. Our primary
goal is to respond to global events and issues through hacktivism. We operate from a
democratic standpoint, firmly against censorship, corruption, human rights violations,
and various modern-day problems. Our group comprises not only hackers but also
activists, writers, and journalists. However, the individuals taking responsibility for our
actions are mostly hacktivist hackers with a background linked to Anonymous.

We were notably involved in Anonymous' OpRussia, and later, we initiated OpIran. Our
activities have targeted various entities, including universities, ministries, national
assemblies, and government systems.

After the protests in France, we hacked the French Ministry of Justice and disclosed
information about hundreds of judges. Unfortunately, our Twitter account and
Telegram channel were suspended due to the French Government's intervention.
You can expect to see more data related to the French Ministry and an important
government system on our channel soon. I hope that gives you a good overview. Feel
free to ask further questions.

CYFIRMA: Can you confirm your group's involvement in the recent cyber-attacks on
the Palestinian Ministry of Foreign Affairs?

Spid3r (KromSec): Yes, it is true that we gained access to their systems. However, we
want to clarify that our intentions are not malicious. We believe that wars are tragic
and should not be supported by any side.
CYFIRMA: What do you plan to do with the data you obtained from the Palestinian
Ministry of Foreign Affairs?

Spid3r (KromSec): Our intention is to reveal any hidden information when we deem it
necessary.

CYFIRMA: Are you acting independently, or are you affiliated with a specific
organization or group?

Spid3r (KromSec): We operate independently.


CYFIRMA: Do you believe that cyber-attacks will extend beyond the Middle East?
There has been significant attention to this issue.
Spid3r (KromSec): In today's world, technology connects everything, including people.
Cyber actions can have a far-reaching impact, and we should consider their potential
consequences.

CYFIRMA: Given the recent Hamas/Israel confrontation, have you heard of any major
actions on the horizon?

Spid3r (KromSec): The media attention on unnecessary DDoS attacks makes us
question their significance. We are monitoring an Israeli group closely, and they have
targeted various .edu.ps websites. Pro-Palestinian Arab groups tend to focus on DDoS
attacks on vulnerable systems or exploit WordPress vulnerabilities or compromised
admin accounts. We respect genuine hacks, but DDoS attacks on insignificant sites for
bragging rights are questionable.

CYFIRMA: How does your group view the ongoing conflict between Palestinian militant
groups and Israel?

Spid3r (KromSec): We believe that the Israeli intelligence services are aware of such
attacks, and it's thought-provoking that they coincide with a time when Netanyahu
lost support from his own people.
CYFIRMA: Do you have a longer-term strategy?

Spid3r (KromSec): It's too early to discuss long-term strategies. The future is uncertain,
and events can change rapidly.

CYFIRMA: What specific targets have you focused on in your cyber-attacks?

Spid3r (KromSec): We always act with consideration for potential consequences on
civilians and critical infrastructure. We don't aim to harm the public.

CYFIRMA: Are there specific demands or conditions your group aims to convey through
these cyber-attacks?

Spid3r (KromSec): We usually communicate our intentions through attack messages or
by contacting the affected system.

CYFIRMA: How do you see your cyber actions fitting into the overall strategy of your
organization or group in this conflict?
Spid3r (KromSec): Our primary focus is on positive intentions. We targeted two
universities, which are prominent in their country and have students who oppose the
current regime. Our goal was to establish a constructive dialogue to prevent the
potential misuse of information by others. Unfortunately, the situation didn't unfold as
we had hoped.

CYFIRMA: Would your group consider engaging in dialogue or negotiations with
relevant parties in the Israel/Hamas conflict to address your concerns without resorting
to cyber-attacks?

Spid3r (KromSec): I don't anticipate such an offer. As for the pro-Israeli group we are
monitoring, we are open to dialogue.

CYFIRMA: Please share your thoughts on the Hamas/Israel conflict and how you think
things will unfold, both on the ground and in cyberspace.

Spid3r (KromSec): The ongoing conflict raises many questions. Is Hamas doing more
harm to Israel or to their own people? The actions taken by Hamas, such as dismantling
pipes from international organizations for infrastructure and repurposing them for
missiles, are concerning. What Hamas is doing is unacceptable, and all Palestinians
suffer as a result. However, this doesn't justify Israel's use of phosphorus gas. The lack of
international response is baffling.

The situation is shrouded in uncertainty. We are closely watching the Middle East,
where complex political games are played behind closed doors. True peace in this
region will only be possible when both Israeli and Palestinian children can sleep without
fear. We believe that diplomacy, rather than escalating tensions through attacks, is the
key to a resolution.

CYFIRMA: You mentioned that your group has some background with Anonymous.
Would you like to share a little about your technical capabilities?
Spid3r (KromSec): While I prefer not to boast about my technical skills, I can confirm
that I am not new to the realm of cybersecurity. Anonymous has provided us with
valuable knowledge and resources.

CYFIRMA: Is there a specific reason you don't want to discuss your skills in detail?

Spid3r (KromSec): I believe that actions speak louder than words, and I prefer to let our
activities demonstrate our skills.
A FEW MONTHS AGO, WE SPOKE WITH A THREAT
ACTOR WHO IS SUPPORTING GAZA IN THE
ONGOING WAR
The conversation below is an excerpt from that interview.
Note: The responses have been slightly modified to improve
readability as English is not their native language

CYFIRMA: We appreciate you taking the time to speak with us. Can you begin by
telling us more about your group, DeltaBoys, and your role within it?
DeltaBoys: We are a group with a long history, and I'm referred to as "anony." We've
had different names in the past, but our recent one is DeltaBoys. We've been involved
in various activities, including penetrating government organizations and exposing their
information.

CYFIRMA: What prompted you to communicate with the media directly?

DeltaBoys: We are regular people who are interested in communication, and we
decided to engage with the media.

CYFIRMA: To introduce you properly, how would you describe your group's activities?
Are you primarily access brokers or involved in other aspects of cyber operations?
DeltaBoys: Our activities were initially in the underground, but about a year ago, we
rebranded as DeltaBoys. We focus on infiltrating government organizations and
disclosing their information.
CYFIRMA: What is your group's technical specialty or passion?

DeltaBoys: For nearly 20 years, we have specialized in penetration and vulnerability
detection.

CYFIRMA: Could you share the origins of your group and what motivates your
activities?

DeltaBoys: Initially, our focus was on exposing corrupt governments, governmental
crimes, and corruption. We were driven by a desire to hold such entities accountable
and make people happier through our actions.

CYFIRMA: Have you collaborated with other groups or formed any affiliations?

DeltaBoys: Yes, we have worked with many groups, although our group's rules often
didn't align with those of other groups. Unfortunately, most well-known groups have
affiliations with security organizations, and it's interesting to note that many hacker
groups have been victims of our actions, resulting in us obtaining and publishing
information about them.

CYFIRMA: Can you tell us about your targets, particularly those related to Israeli
infrastructure, and the ideological reasons behind your attacks?

DeltaBoys: The Israeli government has a history of what we view as wrongdoing and
violence worldwide. Hacking and disclosing their information are a way for us to
express our opposition to their actions. We have targeted many cyber groups from
Israel, identifying their information and operational weaknesses. Their primary goal
often revolves around financial control.

CYFIRMA: We've noticed an increase in web defacement attacks. Can you explain this
and whether it's due to a growth in your group or an increase in sophistication?

DeltaBoys: We are a small but secretive group. Some of our intrusions occur after
thorough information checks on organizations, while others involve sensitive
information and documents. The public hacks typically relate to our older targets.
CYFIRMA: How do you select your targets, and what vulnerabilities or criteria attract
your attention?
DeltaBoys: We have a vulnerability testing lab and identify the latest vulnerabilities. We
also gather information on government targets through our members and by assessing
the level of corruption. Occasionally, we hack ordinary people for fun, particularly if
they are involved in fraud and corruption.

CYFIRMA: Can you share some insights into your tactics and techniques that set you
apart from other threat actor groups?

DeltaBoys: Unfortunately, we cannot disclose our work method, but we achieve
significant results by leveraging zero-day vulnerabilities and exploiting human error. A
single human error in a security organization, for instance, can provide us with access
to the entire organization, including emails, passwords, VPNs, files, virtual networks, and
social networks.

CYFIRMA: Let's discuss the financial aspect. How do you monetize your operations, and
what brings in the most income for your group?

DeltaBoys: We primarily make money through the sale of data and government and
financial access, generating approximately $40,000 per month. This income supports
our operations, but it's important to distinguish between hackers and financial
fraudsters who steal from ordinary people's databases. We are not thieves.

CYFIRMA: What are your near-term and long-term ambitions as a group?

DeltaBoys: Our goal is to create a powerful group that transcends sect, religion, and
racism. We aim to fight against corrupt politics, racism, and corruption while defending
human rights. We believe that all human beings have equal rights, and we strive to
uphold them.

WE SPOKE WITH A THREAT ACTOR WHO IS
SUPPORTING ISRAEL IN THE ONGOING WAR
(CYFIRMA): Can you please introduce yourself? How would you describe yourself in
terms of political stance?

fqw (Owner of GlorySec): My handle is fqw, I am the owner of GlorySec, and I would
also like to state before we get started that most, if not all hacktivist groups have no
idea about the current geopolitics other than what they hear from the media/press.
We aren't black hats like GhostSec or SiegedSec; we actually stand up for what's right,
we attack everybody with a particular reason.

CYFIRMA: Are you acting independently, or are you affiliated with a specific
organization or group?

fqw: GlorySec is a subgroup of a particular darknet cult that we can't go into any
further detail about. However, yes - GlorySec is affiliated with another group.

CYFIRMA: Ok, thanks. Can you confirm your involvement in the recent cyber-attacks
on the Palestinian territory?

fqw: We are currently prioritizing our involvement within the Israel-Palestine conflict, but
we can't go into operational details.
CYFIRMA: How does your group view the ongoing conflict between Palestinian militant
groups and Israel?

fqw: GlorySec members have left, and the owner has left as well to start a new
operation. We have an entirely new team with the same political agenda. We will be
more radical towards terrorists and extremists and those who threaten humanity
without justification. We support Israel in the Israeli-Palestinian conflict and Azerbaijan in
the Azerbaijan-Armenia war. We have worked on #OPArmenia and #OPPalestine and
taken over websites. We have attacked educational institutions in response to attacks
on the innocent.

CYFIRMA: So far, we have seen several cyber groups becoming involved in the recent
Hamas/Israel confrontation. Are you aware of any major actions that may take place?

fqw: We feel that both countries will be severely attacked, but we can't provide
operational details or those of our affiliates.

CYFIRMA: I understand you can't go into too much operational detail about what you
are planning, but can you give us an idea of your group's capabilities or what you
have previously done?

fqw: Our new team is very advanced, with skills ranging from reverse engineering to
network penetration. However, we primarily focus on web penetration testing.
CYFIRMA: Is what you are planning solely a response to recent events in the Gaza Strip,
or does it represent a longer-term strategy?
fqw: It's most likely a longer-term strategy, but our first motivation was the Gaza Strip
attacks.

CYFIRMA: Do you think cyber-attacks will extend beyond the Middle East?

fqw: It depends on the group and the country.

CYFIRMA: Have you considered the potential consequences of your actions on
civilians or critical infrastructure in the affected regions?

fqw: Yes, we have, but we always have a purpose, so we don't take it into critical
consideration.

CYFIRMA: Are there any specific demands or conditions that your group is trying to
convey through these cyber-attacks?

fqw: It depends on the issue. For example, in the Palestine situation, we are trying to
push Palestine out of Israel, although they likely won't listen. Many hacktivist groups are
attacking both sides.

CYFIRMA: How do you anticipate what you are planning will affect the situation on the
ground or the broader conflict? How impactful is it going to be? We've heard some
industrial control systems being attacked; is it in that vein?

fqw: GlorySec isn't like other hacktivist groups that claim they are grey hats, but they
are actually black hats. We always have a purpose when we hack, and we do it to
push a cause. Our actions will likely impact Palestine financially, making them realize
they need to back out. There have been some attacks on industrial control systems.

CYFIRMA: What are your views on Iran, who are widely known to fund Hamas? Isn't that
an attractive target?

fqw: We have looked into Iran, and that is our next operation after Palestine. We also
have a few people already working on Iran, but it's mainly focused on Palestine.

CYFIRMA: Before we wrap up, could you give us an idea of the background of your
group? What makes you all so motivated?
fqw: GlorySec is made up of average citizens, such as cashiers or lawn mowers,
everyday people like you. Our motivation comes from tragedies and events caused by
companies and countries, like the wrongful invasion of Palestine. We are fighting for
justice.

CYFIRMA: Thanks for chatting. If you want to say anything else, always feel free to
reach out!
ETLM ASSESSMENT

Adversary
Cybercriminals, Hacktivists, APTs

Infrastructure
Private botnets, Bulletproof VPS, Booters/Stressers, Compromised RDPs/VNCs

Targets/Victims
Pro-Gaza hacktivists are collectively targeting countries such as India, Egypt, Kenya,
France, Germany, Italy, United Kingdom, and the United States (other than Israel).
On the other hand, Pro-Israel hacktivists are targeting Iran, Iraq, Saudi Arabia,
Lebanon and Qatar (other than Palestine and Gaza).

Capabilities
Most of these groups are disorganized and are looking to spread their propaganda
using DDOS and defacement attacks. However, there are a few groups on either
side that can execute more sophisticated attacks.

Throughout this period, CYFIRMA has observed an increasing number of
cybercriminal groups entering the conflict, targeting infrastructure on both sides.

• 23 Groups - Pro-Israel
• 103 Groups - Pro-Palestine
• 4 Groups – Neutral

Note: This information is subject to change due to the dynamic nature of events.
THREAT ACTORS

Pro-Israel Hacktivists/Groups
1. Anonymiss

2. Anonymous India

3. Anonymous Israel

4. AresLeaks

5. Arvin

6. Cyber Club (Support)

7. Dark Cyber Worrior

8. Garuna Ops

9. Gaza parking lot crew

10. GlorySec

11. GonjeshkeDarande

12. ICD- Israel Cyber Defense

13. Indian Cyber Force

14. Indian Darknet Association

15. IT ARMY of Ukraine

16. Kerala Cyber Thunders

17. Kerala Cyber Xtractors

18. Silencers_of_evil

19. SilentOne

20. Team NWH Security

21. TeamHDP

22. Termux Israel

23. UCC Team


Pro-Gaza Hacktivists/groups

1. 4 Exploitation
2. 1915 Team
3. ./CsCrew
4. ./Tea Party
5. Aceh About Hacked World
6. AnoaGhost
7. AnonHamz
8. AnonT13x Group
9. Anonymous 070
10. Anonymous Indonesia
11. Anonymous Morocco
12. Anonymous Russia
13. Anonymous Sudan
14. Arab Anonymous Team
15. ASKAR DDOS
16. Awham
17. Bandung Cyber Team
18. Bangladesh Civilian Force
19. Black Security Team
20. Blackshieldcrew MY
21. Boom Security
22. Cubjrnet7
23. Cscrew
24. Cyb3r Dragonz Team
25. Cyber Error Team
26. Cyb3r Gang
27. Cyber Sederhana Team
28. CyberActivism
29. Dark Storm Team
30. DumpDataBase
31. Dragonforce Malaysia
32. Eagle Cyber Crew
33. Electronic Tigers Unit
34. End Sodama
35. Esteem Restoration Eagle
36. F7 Xpl0it3r
37. Fr3dens of Security
38. Ganosec team
39. Garnesia Team
40. Gb Anon 17
41. Ghost Clan Malaysia
42. GhostClan
43. Ghost Hunter Illusion
44. GhostSec
45. Hacktivism Indonesia
46. Hizbullah Cyb3r Team
47. IndoGhostSec
48. Islamic Cyber team | Indonesia
49. islamic hacker army
50. Jateng Cyber Team
51. JATIM RedStorm Xploit
52. KEP TEAM
53. khalifah cybercrew
54. Khan cyber Army
55. KillNet
56. Kingman world official
57. Kuningan Exploiter
58. LGH
59. Malaysia cyber defacer
60. MeshSec
61. Milad Hacking
62. M.H.T
63. Moroccan Black Cyber Army
64. Moroccan Defenders Group
65. MrWanz
66. Muslim Cyber Army
67. Mysterious Team Bangladesh
68. xNot_RespondinGx
69. Pakistan Cyber Hunter
70. Pakistani Leet Hackers
71. Panoc team
72. Royal Battler BD
73. Russian tools
74. Siber Team
75. Siegedsec
76. Skynet
77. StarsX Team
78. Storm-1133
79. Stucx Team
80. Sukowono Blackhat Team
81. Sylhet Gang-SG
82. Synix CyberCrimeMY
83. Systemadminbd Official (BCF)
84. Team Anon Force
85. Team Azrael Angel of Death
86. Team Herox
87. The key40
88. Team R70
89. Team R
90. Team_insane_Pakistan
91. Teng Korak Cyber Crew
92. The Ghost Squad
93. The White Crew
94. Toyonzade
95. Turk Hack Team
96. TYG Team
97. TYG Team
98. UserSec
99. VulzSec
100. WeedSec
101. x7root
102. Yemen Legions Team
103. YourAnon T13x

Groups targeting other countries that are supporting Israel

• Anonghost
• Cyber Av3ngers
• Deltaboys
• GhostSec
• Ghosts of Palestine
• Killnet
• Storm-1133

Neutral Groups
1. Cyber Army Of Russia
2. DUNIA MAYA TEAM
3. KromSec
4. ThreatSec

APTs
Given how APT groups usually operate, we have not observed any confirmed activity
yet. However, it is highly likely that they will attempt to take advantage of the situation
to carry out more sophisticated attacks than we have seen so far from other groups.
Below is a list of groups that have a history of targeting Israel:

1. DEV-0270
2. Arid Viper, APT-C-23
3. POLONIUM
4. DEV-0133
5. DEV-0227
6. DEV-0343
7. Storm-1084
8. RUBIDIUM
9. APT32
10. APT33
11. APT34
12. APT35
13. APT39
14. Moses Staff

Note: We would like to extend our gratitude to the cybersecurity community,
especially CyberKnow's CyberTracker and FastFire's Repository.

CONCLUSION
Since the initial attack by Hamas, CISA is “in very close contact” with the Israeli
National Cyber Directorate to share intelligence. US President Joe Biden is scheduled
to embark on a trip to Israel, followed by Jordan, where he will engage with both Israeli
and Arab leaders. On the other hand, Iran's Foreign Minister, Abdollahian, has issued a
warning about the possibility of Iran and its allies taking "preemptive action" in the near
future in response to Israel's attacks on Gaza. The Israeli-Palestinian conflict saw a
significant escalation in cyber attacks by hacktivist groups and threat actors from
various regions, targeting government websites, the education and media sectors,
billboards, power plants, alert systems, and even sensitive military information. The
involvement of these cyber actors added a new dimension to the ongoing conflict,
highlighting the vulnerability of nations to cyberattacks in times of elevated tensions. As
the situation began to unfold, it became clear that cybersecurity would play a critical
role in this complex and long-standing conflict. The ongoing war has cost a lot of
innocent lives on both sides.

RECOMMENDATIONS
Tactical Recommendations
• Enhance DDoS Mitigation: Given the prevalence of DDoS attacks in this cyber
conflict, organizations and governments should invest in robust DDoS mitigation
technologies and strategies. Employing real-time traffic analysis and traffic
scrubbing can help minimize service disruptions.
• Regular Vulnerability Scanning: Continuous vulnerability scanning of critical
infrastructure is crucial. Identify and address vulnerabilities promptly to reduce the
risk of exploitation by hacktivist groups.
• Multi-Factor Authentication (MFA): Implement MFA for all privileged accounts and
critical systems, including RDPs and VNCs. This adds an extra layer of protection
against unauthorized access.
• Incident Response Planning: Develop and regularly update an incident response
plan. Ensure that security teams are well-prepared to respond to cyber incidents
swiftly and effectively.

Strategic Recommendations
• Threat Intelligence Sharing: Encourage regional and international threat
intelligence sharing to improve awareness of ongoing threats. Collaborative
efforts can help predict and mitigate attacks more effectively.
• Diplomatic Engagement: Governments should engage in diplomatic discussions
to de-escalate geopolitical tensions. Reducing the motivation for hacktivist
activities at their source can be an effective long-term strategy.
• Public Awareness Campaigns: Launch public awareness campaigns to educate
citizens about cyber threats, including phishing and disinformation. An informed
public is less susceptible to hacktivist propaganda.
• International Norms and Agreements: Advocate for international agreements and
norms regarding cyber warfare. Establishing clear rules of engagement in
cyberspace can deter hacktivist groups.

Management Recommendations
• Cybersecurity Training: Invest in training and awareness programs for employees
and government officials. A well-informed workforce is a critical defense against
social engineering attacks.
• Resource Allocation: Allocate resources for enhancing critical infrastructure
security. Ensure that budgetary support is provided for cybersecurity measures
that protect essential services.
• Regular Drills and Exercises: Conduct regular cybersecurity drills and exercises to
test incident response plans and identify areas for improvement.
• Collaborative Partnerships: Foster partnerships with cybersecurity firms and
organizations that can provide threat intelligence, incident response support, and
security expertise.

CYFIRMA is an external threat landscape management platform company. We combine cyber
intelligence with attack surface discovery and digital risk protection to deliver early warning,
personalized, contextual, outside-in, and multi-layered insights. Our cloud-based AI and ML-powered
analytics platform provides the hacker’s view with deep insights into the external cyber landscape,
helping clients prepare for impending attacks. CYFIRMA is headquartered in Singapore with offices across
APAC, US and EMEA. The company is funded by Goldman Sachs, Zodius Capital, Z3 Partners, OurCrowd
and L&T Innovations Fund.
