OpIsrael, AKA #OpIsrael on social media and hacking message boards, is an annual coordinated cyber-attack that encourages hacktivist groups and individual perpetrators to attack Israeli government and private sector websites with DDoS and other cyberattacks. It takes place every year on April 7th, with the original OpIsrael campaign launching in 2013 on the eve of Holocaust Remembrance Day. OpIsrael has since turned into an annual “event”, with perpetrators performing their attacks in protest against the Israeli government’s conduct in the Israeli-Palestinian conflict.
Although the first OpIsrael didn’t cause any physical damage and was assessed by the Israeli Government’s National Cyber Bureau to have been a failure, it has since evolved into a major cyber threat that keeps every major organization in Israel on its toes. Subsequent campaigns have managed to hurt several organizations over the years. For example, in 2018, databases of commercial companies (containing usernames, email addresses, and credit cards) were breached and published online.
The attacks carried out during OpIsrael include DDoS attacks, database breaches, and the publication and malicious use of information. Exploiting security weaknesses in websites, attackers flood services to disrupt online availability and hack online servers to steal data and deface websites. In addition, attackers manage to penetrate sensitive databases containing usernames, passwords, email addresses, residential addresses, credit card details, and more. The attacks also include hacking of social media accounts, SMS and phone fraud, and site vandalism such as replacing homepages with offensive phrases, political slogans, and more.
What Happens During #OpIsrael?
Since its inception, many DDoS threat actors have participated in OpIsrael, using various attack vectors, including Torshammer and other HULK variants, Layer 7 HTTP POST, TCP, UDP, IP-Based, HTTP/S, DNS, NTP, SIP, and more. Naturally, many of these attacks involve botnets. While many organizations have claimed to have reduced the number of successful attacks occurring during OpIsrael, in an effort to dampen general interest in the campaign, it is clear that as long as organizations keep using the same dated mitigation and DDoS protection methods, OpIsrael will continue to claim its cyber casualties.
The official claim is that OpIsrael is losing its reputation as a successful operation because pro-Israeli hackers have launched counterattacks against the operation, using the platform www.opisrael.com. These counterattacks have proven to be more successful and gained more attention than the operation itself. But the harsh reality is that OpIsrael still rages on yearly, with new targets falling victim to DDoS attacks. Most hacker groups have sub-groups based in countries like India, Malaysia, Singapore, Indonesia, and more.
These groups are managed by hacktivists, but their levels of professionalism vary. Some groups seem to be more advanced and sophisticated than others, with one of these groups taking responsibility for attacking more than 200 Israeli websites during OpIsrael in 2022. Other groups stick to publishing political propaganda posts, threat videos, and hashtags in social media campaigns to encourage other hacking groups to join the campaign.
New Attackers Joining in #OpIsrael 2023
In 2022, the hacker group DragonForce Malaysia became a major actor in the campaign, and in 2023, several groups like Anonymous Sudan joined the efforts as well. Several major DDoS attacks were attributed to DragonForce Malaysia in 2022, as the group protested Israel’s ambassador to Singapore stating that Israel was ready to work with Asia’s Muslim nations. Later that year, DragonForce Malaysia started a sub-OpIsrael campaign, “OpsBedil”, which was launched on April 11th and continued throughout July. OpsBedil prioritized quantity over quality of attacks, with attackers even using TikTok to recruit more participants, taking into account that many attacks would be quickly mitigated. But the campaign wasn’t about to slow down.
In the days leading up to April 7th, 2023, the official OpIsrael day, several major DDoS attacks were reported in Israel. These efforts, which are now part of a new “branding”, OpIsraehell, include successful attacks on several major universities in the country, the official Israeli government site, a major attack on the Bank of Israel that partially succeeded, several unsuccessful attacks on medical facilities and hospitals, and even an unsuccessful attack on the Mossad’s site. Leading up to these attacks was a series of videos distributed on social media and on YouTube in English, Arabic, and German, in which hacker groups associated with Anonymous threaten Israel and call on other activists to join the campaign.
Is #OpIsrael The New Global DDoS Threat?
It seems that 2023’s OpIsrael is shaping up to be one of the most widespread in recent years, with Anonymous Sudan leading the charge. But the major threat that OpIsrael represents is, in fact, the global model. With so many attacks happening in a short period, and with many organizations still not properly resilient to DDoS attacks, it is extremely likely that despite the low quality of attacks, many will actually succeed. It only takes one successful DDoS attack to bring down a network and cause severe downtime, and many organizations are simply not prepared for the sheer volume that a campaign like OpIsrael carries with it.
With several successful DDoS attacks on major organizations and governmental sites, it is safe to assume that other global threat actors may take inspiration and create several similar campaigns. Currently, several hacking groups are conducting ‘OP’ campaigns against countries that they view as “aggressive” and that are in the midst of military conflicts. Other than Israel, these countries include Russia, India, and Indonesia.
Even with the best DDoS mitigation solution in place, many organizations suffer up to 75% exposure of their dynamic DDoS attack surface. To have true DDoS resilience, organizations must continuously uncover blind spots and remediate their most relevant DDoS risks, with non-disruptive DDoS testing. RADAR™ is the only solution that identifies all DDoS attacks that bypass existing mitigation systems and brings visibility into Dynamic DDoS attack surface vulnerabilities through continuous and non-disruptive testing. RADAR is the key to true DDoS resilience, and presents a firm roadblock when the OpIsrael campaign and others like it try to push through, full speed ahead.