INTRODUCTION
CYFIRMA researchers scoured the deep and dark web and observed that pro-Palestine hacktivist groups targeted the Etisalat Egyptian unit in March (Etisalat is a UAE state-owned telecommunication company unit with a multitude of international sites functioning). The month before, systems belonging to Etisalat UAE were encrypted by the LockBit ransomware group, although no data about this incident was discovered on the Lockbit Onion website. Read our report on the hacktivist groups that turned towards UAE and KSA to protest against Middle Eastern countries supporting Israel.
ASSESSMENT
The ongoing conflict between Israel and Palestine has caused nations and hacker groups to take sides, with some pro-Palestinian groups targeting critical infrastructure in Israel and its allies. Recently, Egypt was attacked because its government was accused of delaying humanitarian aid to Palestinian refugees, and in response, the pro-Palestine hacktivist groups carried out a cyberattack disrupting the Cairo official website and the government income tax department. Similarly, Saudi Arabia stepped up arrests of those speaking against Israel, which provoked multiple pro-Palestine hacktivist groups to retaliate.
The pro-Palestine hacktivist group called Anonymous Collective has used DDOS attacks, defacement, and data leaks, with Saudi Arabia’s critical infrastructure also being targeted (namely a DDOS attack on a Saudi electricity company, causing temporary disruptions).
On May 10th, 2024, another group named “TEAM1916” from Afghanistan enacted a DDOS attack on the official website of Dubai.
During our investigations, our team uncovered details regarding a DDoS attack orchestrated by Anonymous Sudan on Etisalat Egypt in the first week of March, resulting in a temporary downtime lasting a couple of hours on the official website of Etisalat Egypt.
Additionally, our findings indicate that Egypt’s infrastructure is under attack by hacktivist groups supporting Palestine. These attacks are believed to be in response to accusations of delaying humanitarian aid to enter Gaza.
The team also found evidence on Breachforums of a user named ‘Arabian9009’ seeking a threat actor capable of providing shell access to Etisalat, a company based in the UAE.
On February 16th, 2024, the LockBit ransomware group encrypted files belonging to Etisalat UAE. However, during Operation Cronos on February 19th, 2024, the UK’s National Crime Agency (NCA), the U.S. Federal Bureau of Investigation (FBI) along with international law enforcement partners, took down the infrastructure used by the LockBit Ransomware, resulting in LockBit losing data from some organizations. Despite LockBit setting a deadline for Etisalat on April 16th, 2024, our team found no evidence of their data on Lockbit’s current online site.
We’ve compiled an additional list of hacktivist groups that have either attacked the UAE or Saudi Arabia in the past or are currently engaging in attacks:
The cyber landscape surrounding the ongoing conflict between Israel and Palestine continues to evolve, with hacktivist groups playing a significant role in the digital war. Our investigation has revealed a range of activities, including distributed denial-of-service (DDoS) attacks, ransomware incidents, and attempts to gain unauthorized access to sensitive systems. Groups supporting Palestine have targeted infrastructure in countries such as Egypt, the UAE, and Saudi Arabia, while others, like LockBit, have sought to exploit vulnerabilities for financial gains.
