Hamas and Hackers: A Potential Collaboration

Alleged Connections Between Hamas and Hackers

Researchers at Recorded Future have unveiled possible links between the Palestinian militant organization Hamas and a longstanding group of Arabic-speaking hackers. The connection has seemingly emerged to support the online presence of a news website affiliated with Hamas’ military wing, Al-Qassam Brigades, amid their conflict with Israel.

Launching an app to spread their message

After initiating a major offensive against Israel, a Telegram channel associated with Hamas declared the introduction of an app linked to the Al-Qassam Brigades. This move aimed to amplify the organization’s narrative and outreach.

Overcoming Obstacles to Stay Online

Running an online platform in Gaza is fraught with challenges. Israeli military operations have inflicted damage on the region’s internet infrastructure, leading to disruptions in power and connectivity. Moreover, politically motivated cyberattacks aim to undermine essential services and websites in the area. Some providers are even reluctant to host websites connected to Hamas.

The Mechanics Behind Keeping the Website Operational

To circumvent these challenges, Hamas has reportedly shared its online infrastructure with entities capable of maintaining its operational status. Following a significant attack on Israel, the operators of the Al-Qassam Brigades website ensured its accessibility by shifting it across multiple infrastructure providers.

Linking the Dots: Evidence of Collaboration

The researchers meticulously analyzed this infrastructure and discovered suspicious redirects to the Al-Qassam Brigades website. Furthermore, they found identical Google Analytics codes shared between the website domain and approximately 90 other domains. This led them to identify two primary operators for these domains.

Connection with TAG-63

The first group exhibited registration techniques akin to those of TAG-63, also referred to as AridViper and APT-C-23. This entity, a state-backed cyber espionage unit, predominantly targets Arabic-speaking individuals in the Middle East and is believed to function on behalf of Hamas.

Suspected ties with Iran

The second cluster of domains hinted at a connection with Iran, featuring multiple subdomains containing Farsi terms like “director” and “comrade.” Notably, one Iran-associated webpage was used to impersonate the World Organization Against Torture (OMCT). The researchers, however, could not confirm whether this site had been utilized for phishing or social engineering attacks. Historical ties between Iran and Hamas are well documented, with the Iranian Quds Force being the only confirmed Iranian entity known to provide cyber support to Hamas and other Palestinian threat groups.

Conclusion: A Glimpse into Possible Collaborations

While concrete evidence of cooperation remains limited, this report offers a snapshot of the potential collaboration between these entities and how they might mutually benefit from such an alliance.