Mujamma Haraket (@MujammaHaraket)
I have just published a research article on one of the lesser-known aspects of the Palestinian resistance: its hackers and cyber intelligence operatives. This program, which includes various units like the "Cyber Unit" and "Electronic Warfare Unit," also known as the Islamic Resistance Movement's "Cyber Weapon," was created by Jumʿa al-Ṭaḥla, known as Mohammed al-Deif's right-hand man. It was then furthered by commander Basil Salahiyya until, over the last decades, further cluster groups like "Molerats," "Gaza Cybergang," "Frankenstein," "WIRTE," and "TA402" joined the resistance's digital ranks.
These groups have undertaken numerous important social engineering operations, malware campaigns, and espionage missions. The best known include the DDoS attacks executed on various servers within occupied Palestine on 7 October 2023, which allowed for more successful kinetic strikes and confused/slowed down the occupation's response. But the resistance's cyber units have also, over the last decade, undertaken phishing schemes, created backdoors through Android/Google Play apps, and even successfully hacked the "RedAlert" warning program.
One of the most common and successful methods was for hackers to catfish as attractive women on social media sites and compromise occupation soldiers. The targeted occupation soldiers were instructed to install programs named "GrixyApp," "ZatuApp," and "Catch&See" through a direct download link. Once the user installed the application on their mobile device and attempted to launch it, an error notification appeared stating that the application was incompatible with the device; it would then seem as though the application had been removed. In reality, however, the program remained covertly active in the background. The malicious software itself possessed the same functionalities observed in earlier incidents, including exfiltrating files from the device, capturing images remotely, tracking the device's location, accessing contacts and text communications, and conducting remote audio surveillance through activation of the device's microphone as a roving listening device. According to the occupation's own military, the resistance managed to compromise numerous military systems during these campaigns.
Following the August 2018 "Israelalert" operation, Clearsky CEO Boaz Dolev admitted that "[...] we discovered the fake websites leading to the download of malicious software. When the app is downloaded, it takes control of the mobile phone and allows the operator to track the device, determine its location, take photos, record audio, and use it to make calls, send messages, and perform any other action the device is capable of. [...] Unfortunately, it appears that if the software has already been downloaded, deleting the app will not help and will not remove the malware from the devices, and the phone will continue to transmit all its data to the operator."
Since al-Aqsa Flood, cluster hacker groups associated with the resistance have undertaken various operations. This article provides an overview of how these units came to fruition and their various critical hacking operations.
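As an added example, not taken from the post above or from the research article it announces, here is a defender-side triage heuristic in Python for the behaviour the post describes: an app that shows a fake "incompatible" error, disappears from the app drawer so it looks removed, yet keeps running with surveillance-grade permissions (microphone, camera, location, contacts, SMS). The package inventory is constructed, the package names are hypothetical, and the record fields are assumptions; on a real device the same facts (launcher presence, system flag, granted permissions) would be read from the package manager rather than hard-coded.

```python
from dataclasses import dataclass, field

# Real Android permission names that together give the "roving listening
# device" capabilities described in the post.
SURVEILLANCE_PERMISSIONS = {
    "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.READ_EXTERNAL_STORAGE",
}


@dataclass
class InstalledApp:
    """One package as the package manager would report it (assumed fields)."""
    package: str
    has_launcher_icon: bool        # visible in the app drawer
    is_system: bool                # preinstalled on the system partition
    granted: set = field(default_factory=set)  # granted permissions


def surveillance_score(app: InstalledApp) -> int:
    """Number of surveillance-capable permissions the app actually holds."""
    return len(app.granted & SURVEILLANCE_PERMISSIONS)


def flag_hidden_spyware(apps, min_score: int = 3):
    """Return (package, permissions) for non-system apps that expose no
    launcher icon (so the user believes they are gone) and still hold at
    least `min_score` surveillance-capable permissions."""
    findings = []
    for app in apps:
        # System components legitimately lack icons; skip them here and
        # review them separately rather than drowning the list in noise.
        if app.is_system or app.has_launcher_icon:
            continue
        if surveillance_score(app) >= min_score:
            held = sorted(app.granted & SURVEILLANCE_PERMISSIONS)
            findings.append((app.package, held))
    return findings


# Constructed inventory with hypothetical package names.
SAMPLE_INVENTORY = [
    # Ordinary messenger: many sensitive permissions, but it has an icon.
    InstalledApp("com.example.messenger", True, False, {
        "android.permission.CAMERA",
        "android.permission.RECORD_AUDIO",
        "android.permission.READ_CONTACTS",
    }),
    # System telephony service: no icon, but preinstalled.
    InstalledApp("com.android.phone", False, True, {
        "android.permission.READ_SMS",
    }),
    # Keyboard: no icon, no surveillance permissions.
    InstalledApp("com.example.keyboard", False, False, set()),
    # Hidden utility with two sensitive permissions: below the threshold.
    InstalledApp("com.example.hiddenutil", False, False, {
        "android.permission.CAMERA",
        "android.permission.RECORD_AUDIO",
    }),
    # The pattern from the post: "removed" app that is still present and
    # holds the full surveillance set.
    InstalledApp("com.example.catchsee", False, False, {
        "android.permission.RECORD_AUDIO",
        "android.permission.CAMERA",
        "android.permission.ACCESS_FINE_LOCATION",
        "android.permission.READ_CONTACTS",
        "android.permission.READ_SMS",
    }),
]


if __name__ == "__main__":
    for package, perms in flag_hidden_spyware(SAMPLE_INVENTORY):
        print(f"{package}: hidden, {len(perms)} surveillance permissions")
        for p in perms:
            print(f"    {p}")
```

The threshold is deliberately a parameter: a low value surfaces more hidden apps at the cost of false positives, while the default of 3 matches the profile in the post, where a single package combined audio, camera, location, contacts and SMS access. The point of the heuristic is that the quoted advice ("deleting the app will not help") only applies if the user can find the app at all, so the check starts from what the user cannot see.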