Researchers discovered possible signs of cooperation between the Palestinian military organization Hamas and one of the long-term groups hackers speaking Arabic. According to a report published by the research company Recorded Future, Hamas is believed to have sought assistance from external operators and “third parties” to sustain the operations of its military wing’s news site, al-cassams, during the recent conflict with Israel.
A few days after Hamas launched a major attack on Israel, the group’s members and supporters announced the release of an application connected to al-cassams on their Telegram channel. The purpose of this application was to disseminate Hamas’s message.
Within the Gaza Strip, it is challenging to maintain the functioning of websites or applications due to Israeli airstrikes damaging internet infrastructure and causing power outages. The region is also a constant target for politically motivated hackers seeking to disrupt vital services and websites.
Hamas is believed to have resolved this problem by sharing its infrastructure with outside entities capable of helping to sustain its operations. Following a significant attack on Israel, the al-Kassam website operated between different infrastructure suppliers.
Upon analyzing this infrastructure, researchers discovered suspicious redirects to the Al-Kassam website and identical Google Analytics code linked to the site’s domain and approximately 90 other domains.
The first group of domains employed similar registration methods as the hacker group TAG-63, also known as Aridviper and APT-C-23. TAG-63 is a state-supported cyber espionage group known for targeting Arabic speakers in the Middle East. It is believed that this group acts on behalf of Hamas.
The second group of domains is allegedly connected to Iran. On one of the associated pages, there was an attempt to impersonate the worldwide organization against torture (OMCT). Researchers were unable to confirm whether this site was used by hackers for phishing or social engineering purposes.
Iran has close ties with Hamas, and the Iranian KudS Forces, a unit specializing in unconventional warfare and military intelligence, is the only confirmed Iranian entity known to provide cyber support to Hamas and other Palestinian threats.
While there is not substantial evidence of direct cooperation between the two sides, this report provides insight into how these groups may assist one another, according to the researchers.