Self Assessment

ISRAEL – HEZBOLLAH Explainer

Published On : 2024-09-02
Share :
ISRAEL – HEZBOLLAH Explainer

EXECUTIVE SUMMARY

Since Israel launched its invasion of Gaza following the October 7 Hamas attack on Israel, Israel and Hezbollah have also traded blows on the southern border of Lebanon in a low-intensity conflict. No party appears to want to provoke a full-scale war yet, but many Israeli officials see war as inevitable and moreover, the situation could quickly evolve into war based on mutual miscalculation. It would not be the first time, and there is a risk of serious repercussions in cyberspace.

WHAT HAPPENED LAST WEEK?

This Sunday saw the fiercest exchange of fire yet between Israel and the Hezbollah terrorist movement in Lebanon since the Gaza war began nearly 11 months ago. Israel reported it used approximately 100 warplanes to preemptively attack strategic Hezbollah sites, while Hezbollah stated it fired around 300 rockets and drones at specific military sites in Israel.

Hezbollah said their actions came in response to the assassination of one of their senior commanders; Fouad Shukr by Israel, on the same day that Hamas chief Ismail Haniyeh was killed in Tehran (more information here). They further claimed that they had launched a large number of drones “deep inside Israel and towards a high-value military target”, which was subsequently specified to be the Glilot base near Tel Aviv, where the IDF’s notorious intelligence unit 8200 is based.

Hezbollah later claimed successful strikes on other military targets, including four on the Golan Heights, which Israel has occupied since the 1967 Six-Day War (NB: the area formally belongs to Syria, but forms a crucial natural defence of Israeli territory). Hezbollah has now declared the operation “over and done with”, with their secretary general asserting that the Lebanese can now breathe a sigh of relief after weeks of tension.

Most Western and Israeli media did not appear to cover the attack on Israel, instead reporting on the preemptive strike on Hezbollah. This was resolutely rejected by Hezbollah’s Secretary General Hassan Nasrallah, along with the denouncement of Israeli newspaper reports of a Hezbollah attack on the Ben Gurion Airport. Nasrallah stressed that Hezbollah had no intention of hitting civilian targets or infrastructure, only military bases that were involved in Shukr’s killing. Both sides are clearly trying to control the narrative: to maintain their reputation on the world stage; as propaganda to present the incident as their own victory, and to avoid provoking further reaction that threatens to drag the rest of the Middle East into a wider war.

THREE DECADES OF ALLIANCE WITH HAMAS

Lebanon is the oldest front in the ongoing shadow war between Israel and revolutionary Iran. In response to the Israeli invasion of the south of the country in 1982, a militia was formed by Lebanese Shiites that later became Hezbollah (this was largely transformed into a proxy force for the Iranian Revolutionary Guards). Hezbollah’s direct links with Hamas were not established until a decade later when Israel deported some Hamas and other Palestinian activists in response to terrorist attacks in Lebanon.

Hezbollah and Iran did not hesitate to seize the opportunity to gain influence over Hamas. Prior to the deportation, Hamas’ spiritual leader Sheikh Ahmad Yassin had often denounced the Iranian model of clerical rule, however, Sunni Hamas no longer criticizes Shi’ite Iran, despite having very different ideological backgrounds and ideas about organizing the Muslim world. This was clearly demonstrated during the Syrian civil war – when their good relationship was on hiatus – but cooperation was restored after Yahya Sinwar took power of Hamas.

When Israel was finally forced to let the expelled Palestinians back into Gaza, Hamas operatives used the knowledge they had acquired in Lebanon in a terrorist campaign that grew into the Second Intifada, blocking the Oslo peace process and causing a situation that continues to this day. This situation also brought Benjamin Netanyahu to power, and over time the Israeli spectrum of opinion gradually began to shift to the right, away from acceptance of the two-state solution. Indeed, Hamas arguably prefers an endless religious war to the existence of Israel in Palestine, and its terrorist attacks and suicide bombings during the Second Intifada have had a lasting impact on Israeli-Palestinian relations, including the fencing of the Palestinian territories and the almost continuous rule of the Israeli right over the last twenty years.

At the end of the latest exchange between Israel and Hezbollah, both sides appeared ready to de-escalate, a fact which is taken by many analysts as proof that none of the parties involved want to start an all-out war. Iran appears to acknowledge that starting a war would be disadvantageous (explored in more detail in this report) and Israel would apparently rather concentrate on the war against Hamas in Gaza than wage conflict on multiple fronts. Moreover, the Israelis seem to comprehend that an all-out war – thanks to Hezbollah’s vast stockpile of Iranian missiles – would cause the greatest destruction in Israel’s history, since the founding of the country. Hezbollah also seems to appreciate that open war would bring all of Lebanon, which is already in financial and political crisis, to absolute ruin.

LEGACY OF WAR

The fact that Israel and Hezbollah have been exchanging fire for almost a year without the conflict escalating into open warfare has arguably led many commentators to feel a false sense of security. It is significant to recall, however, that all of Israel’s interventions in Lebanon have had serious unintended consequences, and that the latest cross-border war began with a misjudgment of the adversary’s response.

In 2006, Hezbollah kidnapped and killed several Israeli soldiers on the border, and Israel responded with a devastating military campaign. The Israeli Prime Minister at the time, Ehud Olmert, declared that Israel’s aim was not only to bring home the captured soldiers but also to destroy the Hezbollah militarily.

Within a month, Israel was trapped in a guerrilla war and asked the US to broker a ceasefire. 1,200 people died in Lebanon, and Israel destroyed much of Lebanon’s infrastructure, but Hezbollah was still able to strike Israel, which was a significant problem before the Iron Dome system. Hassan Nasrallah later expressed regret over the devastation that provoked the war brought to Lebanon due to his miscalculation of the Israeli response: the group declared victory immediately after the fighting ended, however, and its popularity throughout the Arab world soared.

After the war, a balance of mutual deterrence was established, and calm was maintained on the border for nearly two decades. In the meantime, Hezbollah has rebuilt, greatly multiplied its arsenal through transfers from Iran and billions of dollars in drug deals, gained political power in Lebanon, and become an ‘army’ of regional importance with influence and fighters in Iraq, Syria, and Yemen.

Since the start of the Gaza war, Hezbollah has suffered heavy losses: more than 350 of its members (including several senior commanders) have been killed in the fighting, while Israel has been violating Lebanese airspace and committing daily raids on its launching positions, personnel and weapons depots. Hezbollah has much to lose if open war breaks out (not least because its targets are not as apocalyptic as Hamas’) and despite heavy losses over the past year, it has arguably shown remarkable restraint in attacking Israel – even though it would not appear that way to civilians on both sides of the border.

Most agree that Hezbollah is much stronger today than it was during the 2006 war, learning from the interim rounds of fighting and updating its tactics to neutralize the Israeli army’s significant conventional superiority. Thus, while former Israeli minister and retired general Benny Gantz recently stated that Israel can destroy Hezbollah’s military strength in a matter of days, it is quite clear that this is not true. Indeed, if such a thing were realistically possible, Israel would arguably have done it long ago.

LEBANON SUSPENDED ABOVE ABYSS

The fact that fire has now been exchanged for nearly a year without broader repercussions, has arguably led to a degree of complacency among policymakers that could itself lead to escalation if insufficient preventative effort is made.

Those looking for an off-ramp for the conflict are likely to be disappointed, especially because Hezbollah has staked its credibility in launching strikes against Israel on a cease-fire in Gaza – a conflict which the Israeli government appears to be prolonging at any cost. Standing down would damage Hezbollah’s standing, and Israel is not likely to tolerate the displacement of 60,000 of its citizens forever. Indeed, Israel’s new ambassador to the UN recently warned that if nothing is done about Security Council resolutions (which Hezbollah has consistently violated with its presence on the border) Israel will be forced to take action.

As columnist Alexander Clarkson wrote earlier this month: “If Western and regional policymakers once again allow complacency to seep into their strategic approach to the Middle East, then they will find themselves pushed aside by those who just want to watch the region burn.”

It could be said that Israel has completely internalized the first-move advantage in its wars, and if mutual deterrence fails, the path is open for war. Israeli Chief of General Staff Herzi Halevi has previously warned Israeli soldiers of the growing chance of conflict against Hezbollah, and if a supercritical number of policymakers decide that war is inevitable, Israel will not wait for a surprise attack by the enemy. Former Israeli Deputy National Security Adviser Chuck Freilich comments, “If you believe that war with Hezbollah is inevitable, as many in Israel already do, then now is the moment.”

Although it would not be in the interest of either side, a wider war between Israel and Hezbollah is thus now increasingly likely. Hezbollah has ensnared itself by linking its ongoing operations against Israel to the war in Gaza. Prime Minister Benjamin Netanyahu, in turn, has a political incentive to escalate, given his desire to avoid his own political demise, and with the constant daily skirmishes between the two sides, there is also a strong chance of provoking unintended consequences by misjudging the other side’s response. Lebanon is therefore now hanging over a precipice as prospects of large-scale war loom.

THE CYBER PERSPECTIVE

Besides the ongoing shadow war and intense cyber espionage campaign by state-sponsored actors, a number of hacktivist groups have joined the fray on both sides of the conflict. Below is a sample of hacktivist activity related to the latent war:

313 Team

The hacktivist group known as 313 Team has been active in supporting Hezbollah, specifically targeting Israeli infrastructure as part of broader cyber operations aligned with pro-Iranian agendas. These attacks are part of a larger, coordinated effort involving multiple pro-Iranian and Hezbollah-affiliated groups, aiming to disrupt Israeli operations both militarily and in cyberspace.

In a recent attack, the 313 team leaked the data of the Israeli company Y.R.T Energy which specializes in the latest energy innovations, and Play65, an online backgammon operator, after posting propaganda denouncing Israel.

Anonymous Guys

Anonymous Guys hacktivists have been trying to target critical infrastructure in Israel, like that seen during a significant cyber-attack on Tel Aviv’s Ben Gurion Airport, one of the country’s main international gateways. The attack rendered the official website of the airport unavailable, causing disruptions in online services, and possibly affecting airport operations. Details about the attackers, the extent of the damage, or any response measures taken have not been fully disclosed, but it highlights the ongoing cyber threats faced by critical infrastructure in Israel.

Moroccan Cyber Forces

Moroccan Cyber Forces, a hacktivist outlet, claims to have hacked an Israeli clinic system. The attackers reportedly accessed sensitive patient data, causing operational delays and raising concerns about patient privacy and the security of medical records. However, the details have not yet leaked.

Khilafah h4ckers

The Khilafah h4ckers hacktivist collective, has restarted its campaign targeting Israeli businesses on August 29th, after the recent flare-up on the Israel–Lebanon border.

DARK WEB RESEARCH

On August 29th, 2024, a threat actor named HikkI-Chan, targeted the Israeli Police in a major data breach that exposed sensitive information about their personnel. The breach compromised both personal and professional records, including detailed profiles of individuals within the police force.

The same threat actor has released a massive data leak in a breach of the Israeli Ministry of Defense, which revealed tens of thousands of documents, emails, and images. The leaked dataset includes communications, financial records, purchase details, technical information, and signed documents, representing a significant and sensitive collection of information. The breach exposed a vast amount of data, raising serious security concerns.

Additionally, a recent breach of the Israeli Ministry of Welfare and Social Affairs database has exposed over 457,000 sensitive records by the same threat actor. The compromised data includes personal details, such as full names, birth dates, and identification numbers.

Network access to the cloud infrastructure of a major Israeli IT company is currently being offered for sale by SoftDeveloper threat actor. The data includes comprehensive access to the company’s VPN network and full Remote Desktop Protocol (RDP) access, which would allow unauthorized users to control systems as if they were physically present. Such access poses severe security risks, including potential data breaches and operational disruptions. The sale of these access credentials suggests a significant threat to the company’s cyber defenses.

The database of the National Insurance of Israel was leaked, compromising sensitive information. The institution is a cornerstone of the country’s social policy and social insurance system,

A threat actor is offering full network access to servers containing 80TB of highly sensitive data related to Israel’s critical infrastructure. This includes comprehensive details on water, oil, gas, power, and electricity projects across various Israeli regions and government sectors. The servers also store SCADA system data, sensitive diagrams with specific coordinates for infrastructure projects and pipelines, and complete databases containing customer, financial, and other classified information. The sale of this access poses a significant security risk to Israel, potentially compromising national security and public safety.

A threat actor has sold full network access to an Israeli financial software and technology company, one of the oldest providers of retail business management software, cash registers, and integrated systems for ERP and bookkeeping. The sale includes Command and Control (C2) access with administrator privileges, posing a significant threat to the company’s systems and data integrity.

Ransomware Attacks on Israel

Israel has also faced significant cybersecurity challenges, including notable ransomware attacks:

Handala

On August 29th, the threat actor Handala successfully hacked Appletec Ltd., a company affiliated with the Ministry of Defense, responsible for designing sensitive electronic and optical systems for the regime’s military industries. Appletec’s clientele includes major defense contractors such as Rafael, Elbit, and Elisra, as well as the Air Force. By breaching Appletec’s systems, Handala claims to have managed to obtain and potentially expose a significant amount of confidential data, which could compromise the security of numerous military projects and partnerships.

BrainCipher

Prof. Bein & Co., a reputable law firm in Israel accessible via beinlaw.co.il, recently fell victim to a cyber-attack by the BrainCipher Ransomware group on August 21st, 2024. The attackers reportedly stole 15GB of confidential data from the firm.

CONCLUSION

There already is a simmering low-level cyber war ongoing on the sidelines of the conflict between Israel and Hezbollah. In case of a full-scale war between Israel and Hezbollah, all bets would be off, and every hacktivist and state actor in the region would be incentivized to cause maximum damage, opportunistically choosing targets.

Pro-Palestine hacktivist groups are highly likely to significantly ramp up DDoS attacks on organizations in Israel, as well as on those with perceived links to Israel (e.g. the USA), as well as Muslim countries perceived as not doing enough to oppose Israel. Iran might enable some groups to go after government services, energy, banking, finance, and telecommunications in countries considered hostile, but Iran itself is not ready for potential cyber retaliation from Israel or its allies and may prefer to outsource some of its state-driven cyber campaigns to smaller groups outside its territory.