The Escalating Cyber Front in the Israel-ISISHamas Conflict

The Escalating Cyber Front in the Israel-ISISHamas Conflict

Bar Refael

November 6, 2023

The Escalating Cyber Front in the Israel-ISISHamas Conflict

The Israel-ISISHamas conflict has recently seen an alarming shift from traditional battlegrounds to sophisticated cyber warfare. The advent of numerous hacktivist organizations and state-sponsored entities targeting critical infrastructure and citizen data has signaled the beginning of a new era of warfare in which keyboards and code are becoming as powerful as guns and grenades.

The Advent of BiBi-Linux Wiper

The BiBi-Linux Wiper, a Linux-based malware associated with pro-Hamas hacktivist organizations, is at the forefront of these cyber attacks. According to Security Joes, this malicious program is capable of causing considerable damage, including the destruction of entire operating systems if executed with root privileges. Its distinguishing feature is the renaming of files with the extension “BiBi”, a reference to Israeli Prime Minister Benjamin Netanyahu’s moniker, indicating a politically motivated cyber-attack.

Key Features

  • Lacks Obfuscation: Straightforward yet dangerous, this x64 ELF executable malware is unmasked with no sophisticated protective layers.
  • Multithreading: Enables simultaneous file corruption, escalating the attack’s pace and breadth.
  • Selective Corruption: Skips over critical files like .out and .so extensions, ensuring its continued operation and system destabilization.

Hacktivism and the Israeli Citizenry: The Role of Haghjhoyan and Soldiers of Solomon

In addition, entities such as “Haghjhoyan” and “Soldiers of Solomon” have engaged in doxxing, data dumps, and ransomware attacks during the conflict. These groups have employed social engineering techniques and ‘trojanized’ apps to infiltrate computers, mainly by using popular video games as bait.

Haghjhoyan’s Strategy

  • Social Engineering: Manipulating targets via popular social media platforms with infected game mods.
  • Use of Stealers: Emphasis on Redline Stealer and PrivateLoader for data extraction and further malware deployment.

Soldiers of Solomon’s Approach

  • Customized Ransomware: Announced a specialized ransomware, Crucio, designed to infiltrate and exfiltrate data from key Israeli targets.

State-Sponsored Activities and Cyber Espionage

In addition to hacktivism, there is growing concern about state-sponsored cyber activity. Arid Viper (APT-C-23), a group apparently affiliated to ISISHamas, employs tactics, techniques, and procedures (TTPs) which are consistent with those of state-sponsored actors, indicating a high level of expertise and resources. These include phishing attempts, the deployment of various custom malware, and the ability to record audio and retrieve files from flash devices.

Diversified Arsenal

  • Variety of Malware: Tools like Micropsia, PyMicropsia, and the newly documented Rusty Viper backdoor.
  • Targeted Spying: Focused on extracting sensitive information from defense, government, and law enforcement sectors.

Misinformation: The Invisible Front

Despite these advancements, social media platforms continue to fight against the stream of conflict-related misinformation. Cyberwar is about more than just stealing data or destroying infrastructure; it’s also about controlling narratives and public views, making it a complicated and multi-front conflict.

Conclusion

The conflict between Israel and ISISHamas has expanded into the digital realm and represents a new paradigm in modern warfare and national security. Cybersecurity professionals must evolve their tactics and remain vigilant in the face of this complex threat landscape, where there is a distinction between hacktivists and activists. State-sponsored hacktivists are becoming increasingly ambiguous. Understanding and adapting to this shift from physical to digital confrontations is critical to protecting national interests, national privacy, and global cyber peace.


For cybersecurity experts and enthusiasts, staying abreast of these evolving tactics and implications is not just a professional necessity; it’s a global responsibility. The new battlefront is cyberspace, and the weapons are code and information. Therefore, it’s crucial to remain vigilant, always paying attention and exercising caution. This awareness isn’t just about keeping up-to-date but about actively defending and protecting our digital ecosystems.

Bottomline / Takeaway:

  • Watch for BiBi-Linux Wiper IOCs: Look for files renamed to “.BiBi” and root access exploits.
  • Guard Against Social Engineering & Ransomware: Educate on the dangers of infected mods and implement strong ransomware defenses.
  • Update for New Malware Threats: Include Micropsia, PyMicropsia, and Rusty Viper in threat detection updates.
  • Strengthen Defenses Against Multithreading Attacks: Regularly backup and test file recovery systems.
  • Defend Against Cyber Espionage: Increase vigilance against phishing and advanced persistent threats from groups like Arid Viper (APT-C-23).
  • Fight Misinformation: Be aware of the role of narrative control in cyberwarfare.
  • Adapt Strategy to Blurred Lines in Cyber Conflict: Recognize the merging of hacktivist and state-backed cyber activities, updating cybersecurity strategies accordingly.
Under Cyber Attack?

Fill out the form and we will contact you immediately.

Under Cyber Attack?

Fill out the form and we will contact you immediately.