#OpIsrael – Local Trend or a Global DDoS Threat?

OpIsrael, AKA #OpIsrael on social media and hacking boards, is an annual coordinated cyberattack that encourages activist groups and individual operatives to attack Israeli government and private sector websites using DDoS and other cyberattacks. It takes place every year on April 7, with the original OpIsrael campaign launched in 2013 on the eve of Holocaust Remembrance Day. OpIsrael has since become an annual “event”, where operatives carry out their attacks in protest of the Israeli government’s handling of the Israeli-Palestinian conflict.

Although the first OpIsrael caused no physical damage and was assessed by the Israeli government’s National Cyber Bureau as a failure, the campaign has since evolved into a major cyber threat that keeps every large organization in Israel on its toes, and subsequent campaigns managed to harm several organizations over the years. For example, in 2018 databases of commercial companies (containing usernames, email addresses and credit cards) were breached and published online.

The attacks carried out during OpIsrael include DDoS attacks, infiltration of databases, and publication and malicious use of information. Exploiting security weaknesses in websites, attackers flood services to disrupt online availability and hack online servers to steal data and deface websites. In addition, attackers manage to penetrate sensitive databases containing usernames, passwords, email addresses, residential addresses, credit card information and more. The attacks also include hacking into social media accounts, SMS and phone fraud, and website vandalism such as replacing home pages with offensive phrases, political slogans and more.

What happens during #OpIsrael?

Since its inception, many DDoS threat actors have participated in OpIsrael, using various attack vectors, including Torshammer and other HULK variants, Layer 7 HTTP POST, TCP, UDP, IP-Based, HTTP/S, DNS, NTP, SIP, and more. Naturally, many of these attacks involve the use of botnets. While many organizations have claimed to have reduced the number of successful attacks occurring during OpIsrael, in an effort to lower the overall interest in the campaign, it is clear that as long as organizations continue to use the same dated defense methods and DDoS protection, OpIsrael will continue to claim its cyber victims.

The official claim is that OpIsrael is losing its reputation as a successful operation because pro-Israel hackers have launched counterattacks against the operation, using the platform www.opisrael.com. These counterattacks proved more successful and received more attention than the operation itself. But the harsh reality is that OpIsrael still rages every year, with new targets falling victim to DDoS attacks. Most hacker groups have subgroups based in countries such as India, Malaysia, Singapore, Indonesia and more.

These groups are run by hacktivists, but their levels of professionalism vary. Some groups appear to be more advanced and sophisticated than others, with one of these groups claiming responsibility for attacking more than 200 Israeli websites during OpIsrael in 2022. Other groups make sure to publish political propaganda posts, threatening videos and hashtag campaigns on social media to encourage other hacking groups to join the campaign.

New attackers are joining #OpIsrael 2023

In 2022, the hacker group DragonForce Malaysia became a major player in the campaign, and in 2023 several groups such as Anonymous Sudan also joined the effort. Several large DDoS attacks were attributed to DragonForce Malaysia in 2022, when the group protested a statement by the Israeli ambassador in Singapore that Israel was willing to work with the Muslim countries in Asia. Later that year, DragonForce Malaysia began a sub-OpIsrael campaign, “OpsBedil”, which was launched on 11 April and continued throughout July. OpsBedil prioritized quantity over quality of attacks, with attackers even using TikTok to recruit more participants, taking into account that many attacks would be quickly aborted. But the campaign was not about to slow down.

In the days leading up to April 7, 2023, the official day of OpIsrael, several large DDoS attacks were reported in Israel. These efforts, which are now part of a new “branding”, OpIsraehell, include successful attacks on several major universities in the country and on the official website of the Israeli government, a major attack on the Bank of Israel that was partially successful, several unsuccessful attacks on medical facilities and hospitals, and even an unsuccessful attack on the Mossad site. These attacks were led by a series of videos distributed on social networks and YouTube in English, Arabic and German, in which hacker groups associated with Anonymous threaten Israel and call for more activists to join the campaign.

Is #OpIsrael a New Global DDoS Threat?

OpIsrael of 2023 appears to be shaping up to be one of the most widespread in recent years, with Anonymous Sudan leading the charge. But the main threat that OpIsrael represents is, in fact, the global model. With so many attacks occurring in a short period of time, and with many organizations not yet adequately resilient to DDoS attacks, it is highly likely that despite the low quality of attacks, many will succeed. It only takes one successful DDoS attack to bring down a network and cause severe downtime, and many organizations are simply not prepared for the sheer volume that a campaign like OpIsrael carries with it.

With several successful DDoS attacks on large organizations and government websites, it can be assumed that other global threat actors may be inspired to create similar campaigns. Currently, a number of hacking groups are running ‘OP’ campaigns against countries that are in the midst of military conflicts and that are, from their point of view, “aggressive”. Besides Israel, these countries include Russia, India and Indonesia.

Even with the best DDoS mitigation solution in place, many organizations suffer 75% exposure of their dynamic DDoS attack surface. To gain true DDoS resilience, organizations must continuously discover blind spots and remediate their most relevant DDoS risks, with non-disruptive DDoS testing. RADAR™ is the only solution that detects all DDoS attacks that bypass existing mitigation systems and brings visibility into the surface vulnerabilities of dynamic DDoS attacks through continuous, non-disruptive testing. RADAR is the key to true DDoS resilience, and is a solid roadblock as the OpIsrael campaign and others like it try to push forward, full speed ahead.
