Hamas and Hackers: A Potential Collaboration
Alleged Connections Between Hamas and Hackers
Researchers at Recorded Future have unveiled possible links between the Palestinian militant organization Hamas and a longstanding group of Arabic-speaking hackers. The connection has seemingly emerged to support the online presence of a news website affiliated with Hamas’ military wing, Al-Qassam Brigades, amid their conflict with Israel.
Launching an app to spread their message
After initiating a major offensive against Israel, a Telegram channel associated with Hamas declared the introduction of an app linked to the Al-Qassam Brigades. This move aimed to amplify the organization’s narrative and outreach.
Overcoming Obstacles to Stay Online
Running an online platform in Gaza is fraught with challenges. Israeli military operations have inflicted damage on the region’s internet infrastructure, leading to disruptions in power and connectivity. Moreover, politically motivated cyberattacks aim to undermine essential services and websites in the area. Some providers are even reluctant to host websites connected to Hamas.
The Mechanics Behind Keeping the Website Operational
To circumvent these challenges, Hamas has reportedly shared its online infrastructure with entities capable of maintaining its operational status. Following a significant attack on Israel, the operators of the Al-Qassam Brigades website ensured its accessibility by shifting it across multiple infrastructure providers.
Linking the Dots: Evidence of Collaboration
The researchers meticulously analyzed this infrastructure and discovered suspicious redirects to the Al-Qassam Brigades website. Furthermore, they found identical Google Analytics codes shared between the website domain and approximately 90 other domains. This led them to identify two primary operators for these domains.
Connection with TAG-63
The first group exhibited registration techniques akin to those of TAG-63, also referred to as AridViper and APT-C-23. This entity, a state-backed cyber espionage unit, predominantly targets Arabic-speaking individuals in the Middle East and is believed to function on behalf of Hamas.
Suspected ties with Iran
The second cluster of domains hinted at a connection with Iran, featuring multiple subdomains containing Farsi terms like “director” and “comrade.” Notably, one Iran-associated webpage was used to impersonate the World Organization Against Torture (OMCT). The researchers, however, could not confirm whether this site had been utilized for phishing or social engineering attacks. Historical ties between Iran and Hamas are well documented, with the Iranian Quds Force being the only confirmed Iranian entity known to provide cyber support to Hamas and other Palestinian threat groups.
Conclusion: A Glimpse into Possible Collaborations
While concrete evidence of cooperation remains limited, this report offers a snapshot of the potential collaboration between these entities and how they might mutually benefit from such an alliance.
This article incorporates information and material from various online sources. We acknowledge and appreciate the work of all original authors, publishers, and websites. While every effort has been made to appropriately credit the source material, any unintentional oversight or omission does not constitute a copyright infringement. All trademarks, logos, and images mentioned are the property of their respective owners. If you believe that any content used in this article infringes upon your copyright, please contact us immediately for review and prompt action.
This article is intended for informational and educational purposes only and does not infringe on the rights of the copyright owners. If any copyrighted material has been used without proper credit or in violation of copyright laws, it is unintentional and we will rectify it promptly upon notification. Please note that the republishing, redistribution, or reproduction of part or all of the contents in any form is prohibited without express written permission from the author and website owner. For permissions or further inquiries, please contact us.