During the month of May, increasing tensions in the Middle East resulted in renewed hacktivist operations throughout the region. The digital attacks in May presented a certain level of risk for unprotected sites as threat actors targeted organizations in the telecommunications, financial sectors and government agencies. At the moment, physical actions have deescalated in the region since the last incursion, but digital attacks have persisted into June. Cyber events in the Middle East have become reactionary over the past year; cases of hacktivism in the region typically follow physical or political confrontations.
Download the Complete Alert
#OpsBedil is a hacktivist operation currently targeting several verticals and government agencies in the Middle East. It is the latest digital campaign to target the region and is being conducted by threat actors in Southeast Asia, specifically Malaysia and Indonesia. Attacks performed under #OpsBedil are considered a political response to the Israeli ambassador to Singapore stating in June that Israel is ready to work towards establishing ties with Southeast Asia’s Muslim-majority nations. Malaysia, which is over 60% Muslim and supports Palestine, has a significant presence of hacktivist and Palestinian militants. As a result of this call to establish ties, hacktivists in the region began targeting Israeli assets in June with a series of DoS attacks, data leaks and defacement campaigns. The group condemns the proposal to establish ties and reiterates their ongoing support of Palestine with digital attacks.
The driving force behind #OpsBedil Is DragonForce Malaysia (DFM), a pro-Palestinian hacktivist group located in Malaysia. DFM has also been observed working in collaboration with several other hacktivist groups, including T3S and SBC x PANOC. DFM has a website and a forum where threat actors conduct most of their operational discussions. DFM also has a Telegram channel, but most of the content is repeated throughout the forum and other social media outlets. In addition to leaking content in their Telegram channel, the group has also posted details on Pastebin, AnonFiles and Google Drive.
The threat actors behind DragonForce Malaysia created the domain DragonForce.io on June 11, 2021. The forum claims to already have over 10,000 members and 3,000 discussion threads (at the time of publication). This forum has been the central communication hub for the recent operation, #OpsBedil, but also contains discussion about anonymity, hacking, general technology and education.
Over the last few months, the criminal underground has been experiencing difficulties dealing with the brazen ransomware operators and affiliates who openly conduct business on public forums. Administrators of these forums have been banning those who openly engage in ransomware activity out of fear of losing their servers to law enforcement seizures. Because of this, operators and affiliates are now altering their tone while discussing operational details about ransomware on public forums. They are withdrawing from the public eye, self-governing and running their own platforms. In the DFM forum, there are no rules about conducting malicious activity or moderators that ban users and the only threat to losing their platform is de-hosting.