-
The pro-Russian hacker activist group NoName057(16) has begun attacking multiple Israeli sectors, including others, as part of the ongoing Iranian sponsored cyber campaign.
-
The group reported conducting DDoS attacks against several targets in Israel by finding several websites displaying errors to attack since the Ukraine-Russia conflict.
-
Iran’s National Cyber Security Command has issued a warning to citizens to dump foreign apps because the Israeli intelligence agency, The Mossad, may infiltrate.
The hacktivist group has become involved directly by participating in cyber operations supporting Iran’s agenda with other hackers who support this agenda, which is a notable increase from previous activities targeting Israel.
Cybersecurity experts monitoring the situation have suggested that, as the conflict continues to expand into both physical and digital arenas through attacks against various institutions in Israel, we can expect even more nations to participate in that conflict.
NoName057(16) Strikes Israeli Targets
A wave of distributed denial of service attacks on various Israeli entities has been claimed by NoName057(16). Some of the organizations targeted by the group include the Bustan al-Marj Regional Council, the political parties Shas and Noam, the city of Ariel, Budget Car Rental’s operations in Israel, defense contractor Elbit Systems, broadcaster Sting TV, and mobile network provider Hot Mobile.
Screenshots shared on social media show multiple Israeli websites returning a “502 Bad Gateway” error, indicating a loss of service. This is a consistent sign of an attack that fits exactly with how NoName057(16) has conducted these types of attacks against hundreds of different organizations since Russia’s invasion of Ukraine in February 2022.
According to their statement, the hackers were justified in their attacks as they were acting in solidarity with Iranian allies and as retaliation against Israeli aggression.
The overall nature of the operation has changed dramatically. Cybersecurity analysts have been warning for many years that the Israeli-Palestinian conflict could draw international threat actors with much more advanced capabilities than local hacktivists.
The actions of NoName057(16) have confirmed those fears by moving the battlefield from isolated attacks based on local motivations to coordinated attacks by multiple actors on a truly global scale.
Who is NoName057(16)?
Since the full-scale invasion of Ukraine by the Russian Federation, NoName057(16), a Russian hacktivist collective, has gained an unprecedented amount of attention on a global scale. The group’s cyber attacks have primarily targeted NATO member states, European government portals, financial institutions, and operators of critical infrastructure, with a specific emphasis on countries providing political or military support to Ukraine.
As NoName057(16) turns its attention towards the Israeli-Palestinian conflict, it has become evident that the group has a more opportunistic operational attitude. Security analysts state that NoName057(16) collaborates with any anti-Western or anti-Israeli group that would increase its standing in the cyber space.
The group’s participation not only adds additional numbers to the collective’s ongoing attack but also brings an unparalleled level of technical skill and consistency in their organization’s operational performance, effectively elevating the overall level of risk from the cyber attack campaign.
Iran Issues Cyber Warning to Its Own Citizens
Iran’s National Cybersecurity Command reacted to NoName057(16)’s increasing aggressiveness by taking a defensive position domestically. The agency published Notice 2, a public advisory to Iranian citizens urging them to delete and disable all foreign social media and messaging applications from their devices. This occurred following the recent death of Supreme Leader Ali Khamenei.
The command explicitly stated that Mossad was distributing fake updates to infiltrate Iranian networks and prepare for future cyberattacks. Authorities instructed Iranians to delete apps from unknown sources, avoid suspicious links, and download software only from state-approved platforms.
The advisory also warned that “Foreign messaging services provide enemy intelligence services with direct access to their users’ private communications and personal information”.
This advisory’s warning goes as far as to reiterate the long-standing restrictions on use of messaging services such as WhatsApp, Telegram, and Instagram by the Iranian government and redefine common consumption applications as active security threats during ongoing conflicts.
These warnings come as Iran faces increasing cyber pressure from multiple fronts, including from Anonymous hacktivists who have vowed to disrupt the country’s space program, targeting a sector the regime considers a point of national pride and technological achievement.
The convergence of Iranian and pro-Russian hacktivists and Iranian-aligned cyber operations against Israel shows the trends that security experts are increasingly monitoring with alarm, namely that these geopolitical conflicts are increasingly spreading uncontrollably.
Security Experts have also warned that NoName057(16)’s recent entry has expanded this effort from simple disruption to sustained campaigns against critical infrastructure.
Institutions and civilians on all sides of an ongoing conflict must take the implications seriously, as every digital transaction now carries the weight and significance of a borderless conflict.
