Radware assesses with moderate confidence that U.S. universities and financial services may face an increased risk of cyberattacks by pro-Palestinian hacktivist groups including DDoS, defacement and data theft in the coming weeks.
Download
Overview
- Radware assesses with moderate confidence that U.S. universities and financial services may face an increased risk of cyberattacks by pro-Palestinian hacktivist groups including DDoS, defacement and data theft in the coming weeks.
- This assessment is based on recent college campus tensions and protests related to the Israeli-Palestinian conflict, which could potentially motivate retaliatory cyberattacks.
- These cyberattacks aim to disrupt operations and serve as a “cyber price tag" for not aligning with Palestinian interests.
Figure 1: Lulzsec Muslims Telegram post announcing pro-Palestine campaign
Background
KillNet's Reactionary Attacks
On June 14, 2023, the Killnet, REvil and Anonymous Sudan hacker groups announced their plan to launch a major cyberattack on the European financial system. The hackers' motive was political and tied to the ongoing conflict in Ukraine. They aimed to disrupt the financial system by cutting off funds that support Ukraine's military. The alliance reportedly attacked the European Investment Bank.
Figure 2: Tech Monitor report on hacktivist plans to target financial systems
This approach has also been adopted by pro-Palestinian hacktivists, who use distributed denial of service (DDoS) attacks to target institutions in countries that do not align with their geopolitical interests.
Anonymous Sudan's Attack on UK Universities
On February 20, 2024, Anonymous Sudan, a pro-Palestinian hacktivist group, targeted the networks of Cambridge University and the University of Manchester to demonstrate their willingness to attack academic institutions perceived as aligning with Israeli interests.
Figure 3: Anonymous Sudan post claiming attacks on U.K. universities
Figure 4: CNN graphic indicating campus protest arrests
April 2024 Pro-Palestinian Protests
In April 2024, significant organized and orchestrated pro-Palestinian protests occurred at least six universities, including Columbia University, New York University (NYU), Northeastern University and the University of Pennsylvania (UPenn). These protests, largely driven by the ongoing conflict in Gaza and broader Israeli-Palestinian tensions, resulted in over 1,200 arrests of pro-Palestinian activists, most of whom were not university students. Demonstrators demanded that universities cut ties with companies connected to Israel and expressed disapproval of U.S. military support for Israel. Demonstrations started peacefully but soon led to clashes with pro-Israel supporters and required forceful police interventions and many arrests.
Failed Negotiations and Expected Increase in Pressure
On May 6, ongoing negotiations between Israel and Hamas failed after Hamas refused to accept an American proposal to which Israel had reportedly agreed. The Chief of the General Staff of the IDF announced the beginning of the operation to eradicate the terrorist organization Hamas from Rafah. Consequently, the pressure from hacktivists is expected to increase against Israeli entities, particularly against organizations in allied countries and entities supporting Israel.
Threat Actors Likely to Participate
Anonymous Sudan: This group has actively engaged in multiple DDoS attacks targeting various entities, such as Israel’s top oil refinery operator, BAZAN Group, and the Thuraya Mobile Satellite Communications Company. Their attacks have caused significant network disruptions, confirming their capability and intent to leverage DDoS tactics against high-profile targets (Hackread).
Dark Storm Team: Although primarily known for a broader range of cyber activities, this group has claimed responsibility for DDoS attacks against significant targets like John F. Kennedy International Airport in New York. Their operations are indicative of both political and commercial motivations (SecurityScorecard).
Ghosts of Palestine: This hacktivist group has been actively involved in distributed denial of service (DDoS) attacks, particularly targeting Israeli infrastructure. This group is part of a broader movement of cyber activists who have been actively engaging in cyber operations amid the ongoing Israel-Hamas conflict. Their targets have thus far primarily focused on websites of Israeli entities, their Telegram community is closely following the U.S. university's protests and has previously called for attacks on U.S. private and government sectors.
Figure 5: Report on Ghosts of Palestine's call to hacktivism
Potential Targets
The recent pro-Palestinian protests at U.S. universities have targeted a broad range of companies for divestment, especially those with business or investment ties to Israel's military and financial activities. Therefore, it is likely that financial services institutions may be targeted along with universities if perceived as related to Israel. DDoS attacks could aim to disrupt critical systems such as online banking platforms, payment services and trading systems. Successful attacks may result in prolonged service outages, financial losses, reputational damage and erosion of customer trust.
Potential Impact
- Disruption of critical systems and services, such as online banking platforms, payment gateways and trading systems.
- Prolonged service outages, financial losses, reputational damage and erosion of customer trust.
Reasons for Concern
- Activist Aspect: The emotionally charged nature of the Israeli-Palestinian conflict and the recent breakdown in negotiations are likely to fuel hacktivist motivations for disruptive attacks. The mass arrests of pro-Palestinian activists during university protests may further incite retaliatory actions. Ideologically motivated hacktivists may engage in persistent, high-impact attacks aiming for maximum disruption to advance their cause and impose a "cyber price tag" on entities seen as unsupportive of Palestinian interests.
- Geopolitical Aspect: The failure of the Israel-Hamas negotiations has led Hamas to apply maximum pressure on Israel and its allies to expedite the end of the conflict in Gaza, which could result in a Hamas victory. As U.S. universities are now at the forefront of public attention, these hacktivist groups will likely attempt to attack them and amplify the "cyber price tag" narrative. This tactic aims to coerce Israel's allies into pressuring Israel to agree to terms favorable to Hamas, aligning with Hamas's geopolitical objectives in the region.