Hacktivists Bring OpIsrael Back to Life

Last week, Radware issued a threat alert to highlight the concern that Anonymous operations such as OpIsrael could present a renewed threat to organizations across multiple verticals within the country. This assessment was mainly attributed to the war in Ukraine and geopolitical tensions in and around Israel, spurring a renewed growth in hacktivism and setting the stage for a potential return of mainstream operations in the region.

It appears that potential has materialized. Since issuing the alert, multiple groups of hacktivists have begun ramping up their activity—with moderate impact—in preparation for the 10th anniversary of OpIsrael. Prior to the alert, only a handful of small pro-Muslim groups were seen targeting the country with minimal impact. But over the weekend, things began to escalate as several notorious groups announced their intent to join the operation this year with a round of attacks.

Last month, Mysterious Team Bangladesh, an affiliate of the larger Anonymous collective, was seen launching DDoS attacks against Australia under the Anonymous operation, OpAustralia. Over the weekend, the group of pro-Palestinian hackers based out of India turned their attention to Israel. Along with other groups from Southeast Asia, such as the Vietnam Cyber Army, aka Mr. Dempsey, they began launching dozens of DDoS attacks against multiple organizations across the country.

OpIsrael’s Unexpected Guest

In addition to the groups expected to participate in OpIsrael, one unanticipated group has also joined the operation. Anonymous Sudan, which claims to be an affiliate of the larger Anonymous collective, was previously seen launching DDoS attacks against Australia, Sweden, and Denmark. The group, known to be pro-Muslim, has also been seen operating closely with the pro-Russian hacktivist group, Killnet, over the last few months. Because of this association, several groups affiliated with the Anonymous collective have expressed their frustrations with the group’s claims to be associated with them, declaring that the group is a Russian front. 

Nevertheless, Anonymous Sudan has launched a series of highly impactful DDoS attacks over the last four days, similar to previous operations in Australia and the United States. The group, which is media savvy, typically only targets a single vertical per day. For example, on April 2, after announcing their intent to join OpIsrael, Anonymous Sudan targeted eight medical providers. On April 3, they targeted five government websites. And on April 4, they targeted 10 universities, resulting in a substantial amount of media coverage for the group.

Following the attacks against the universities on April 4 and an escalation of violence in Jerusalem, Anonymous Sudan warned Israel they would launch a renewed wave of DDoS attacks the following day. During the morning of April 5, the group followed through with their threat and launched a series of DDoS attacks that targeted nine media outlets in Israel, resulting in moderate impacts. Over the coming days, we will likely see additional verticals isolated and targeted with DDoS attacks from Anonymous Sudan in the buildup to the main operation on Friday, April 7.

In addition to DDoS attacks targeting organizations in Israel, we have also seen dozens of defacement attacks carried out by 4Explotation, Eagle Cyber Crew, Indian Cyber Force, Anonymous Malaysia, 1919 Team, SynixCyberCrime.My, and AnonGhost Team. These attacks have primarily targeted small and medium-sized businesses across the country and have been leveraged by hacktivists to spread political and anti-Semitic messages, promote OpIsrael 2023, and cause disruption and embarrassment for the victims.

Remain Calm and Stay Vigilant

As OpIsrael approaches, it is important to remember that hacktivists are highly unpredictable, making it difficult for organizations to prepare for potential impact. In addition, associations between hacktivists and other cybercriminals or state-aligned threat groups can be problematic, resulting in more significant cyberattacks and possibly exposing an operation’s true nature or control.

With over a dozen groups announcing their intent to join OpIsrael 2023, organizations in the country need to remain vigilant by closely monitoring changes in the threat landscape and adopting comprehensive cybersecurity measures to protect their resources and reduce the likelihood of being impacted.

To learn more about OpIsrael, read our latest alert: OpIsrael: A Decade in Review.

Daniel Smith

Daniel is the Head of Research for Radware’s Threat Intelligence division. He helps produce actionable intelligence to protect against botnet-related threats by working behind the scenes to identify network and application-based vulnerabilities. Daniel brings over ten years of experience to the Radware Threat Intelligence division. Before joining, Daniel was a member of Radware’s Emergency Response Team (ERT-SOC), where he applied his unique expertise and intimate knowledge of threat actors’ tactics, techniques, and procedures to help develop signatures and mitigate attacks proactively for customers.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program


An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Security Research Center