Background: When physical conflict fuels digital warfare
Headlines often focus on the tangible, kinetic aspects of geopolitical conflicts: protests, airstrikes, and ground-level clashes. While these events are the most visible manifestations of the long-running Israeli-Palestinian conflict, they are increasingly shadowed by a parallel, less visible war fought across digital networks. This is the realm of hybrid warfare, where cyber operations are not just an adjunct to physical conflict but a fully integrated component used to achieve strategic goals.
State-sponsored hacking groups, hacktivist collectives, and lone-wolf actors on all sides leverage cyberspace to conduct espionage, disrupt critical services, and wage powerful information warfare campaigns. Every escalation on the ground is almost instantly mirrored by a surge in Distributed Denial of Service (DDoS) attacks, website defacements, and sophisticated espionage attempts. This digital battleground has become as crucial as the physical one for shaping narratives, degrading enemy capabilities, and influencing both domestic and international perception.
Technical deep dive: The tools of a digital war
The cyber operations in this conflict are multifaceted, employing a range of tactics, techniques, and procedures (TTPs) that target government, military, civilian infrastructure, and private citizens alike.
Espionage and advanced persistent threats (APTs)
Nation-state actors are heavily involved in persistent espionage campaigns. Iran-backed groups, such as those Microsoft's Threat Analysis Center tracks as "Mint Sandstorm" (formerly Phosphorus) and "Peach Sandstorm" (formerly Holmium), have a long history of targeting Israeli entities. Their methods often involve sophisticated spear-phishing campaigns, using custom malware to exfiltrate sensitive data from defense, technology, and government sectors. These operations are not opportunistic; they are long-term campaigns designed to gather intelligence that can provide a strategic advantage. On the other side, Israel is widely acknowledged to possess some of the world's most advanced offensive cyber capabilities, though its operations are typically conducted with a higher degree of stealth.
Disruption and destruction: DDoS and wiper attacks
Hacktivist groups, often with loose affiliations and varying levels of skill, are major players in the disruptive aspect of this cyber conflict. Pro-Palestinian groups like AnonGhost and the pro-Israeli "WeRedEvils" frequently engage in tit-for-tat attacks. Their primary weapon is the DDoS attack, which floods a target's servers with junk traffic, rendering websites and online services inaccessible. Targets often include government portals, news media outlets, and financial institutions. While often temporary, these attacks serve as a powerful form of digital protest and can cause significant operational disruption.
More destructive are wiper malware attacks, which have been deployed by state-sponsored actors. Unlike ransomware, which encrypts data and demands payment for its release, wiper malware is designed purely to destroy data and cripple systems, often irrecoverably; there is no key to buy back. These attacks represent a significant escalation, moving from disruption to outright digital destruction.
Attacks on operational technology (OT) and critical infrastructure
Perhaps the most alarming trend is the targeting of critical national infrastructure (CNI). These systems, which manage physical processes like water distribution, power grids, and transportation, are prime targets for actors wishing to cause real-world harm. A widely reported 2020 incident saw an attempt, attributed to Iran, to compromise Israeli water facilities by altering chlorine levels in the water supply. The attack was thwarted, but it highlighted the terrifying potential for cyberattacks to cause mass civilian casualties. Such attacks on Operational Technology (OT) and Industrial Control Systems (ICS) breach the barrier between the digital and physical worlds, representing a dangerous new front in the conflict.
Information warfare and psyops
Beyond technical attacks, the battle for narrative is fierce. All sides use social media and state-controlled news outlets to disseminate propaganda, disinformation, and malinformation. AI-generated content, deepfakes, and coordinated bot networks are used to amplify specific messages, sow confusion, and incite real-world action. This psychological operations (psyops) component is designed to demoralize opponents, rally supporters, and manipulate international opinion, making it one of the most effective and pervasive elements of the conflict's cyber dimension.
Impact assessment: A conflict with no borders
The impact of this cyber warfare extends far beyond military and government targets.
- Civilians and private organizations: Ordinary citizens and businesses are routinely caught in the crossfire. Their data is stolen in breaches, their access to essential services is disrupted by DDoS attacks, and they are the primary targets of disinformation campaigns. Tech companies, universities, and NGOs are also prime targets for espionage.
- Government and critical infrastructure: The constant threat of attack forces massive investment in defensive measures. A successful attack on CNI could have devastating consequences, leading to loss of life and severe economic disruption.
- Global spillover: Cyberattacks originating in the region do not respect national borders. Allied nations, multinational corporations, and international bodies can become secondary targets. The TTPs and malware developed in this high-stakes environment are often repurposed and used by threat actors in other conflicts around the world.
How to protect yourself
While the threat of nation-state actors can seem overwhelming, implementing strong security practices can significantly reduce risk for both individuals and organizations.
For individuals
- Practice media literacy: Be critical of information you encounter online, especially during periods of heightened conflict. Verify sources, check for manipulated images or videos, and be aware of emotionally charged narratives designed to provoke a reaction.
- Secure your accounts: Use strong, unique passwords for every account and enable multi-factor authentication (MFA) wherever possible. Unique passwords stop one leaked credential from unlocking other accounts, and MFA limits the damage when a password is phished or stolen; together they are your best defense against credential theft.
- Beware of phishing: Threat actors use geopolitical events as lures for phishing campaigns. Be suspicious of unsolicited emails or messages asking for personal information or urging you to click on a link, even if they appear to come from a trusted source.
- Enhance your privacy: Use a reputable VPN service to encrypt your internet traffic. This is especially important for journalists, activists, or anyone communicating sensitive information, as it helps conceal your location and shields your communications from interception on the local network or by your ISP. Note that the VPN provider itself can still see your traffic, so choose one you trust.
For organizations
- Adopt an assume-breach mentality: Operate under the assumption that an attacker is already in your network or will be soon. Focus on detection and rapid response, not just prevention. Implement endpoint detection and response (EDR) solutions and conduct regular threat hunting.
- Patch management: Keep all systems, software, and applications updated with the latest security patches. Many significant breaches exploit known vulnerabilities for which a patch was already available.
- Network segmentation: Divide your network into smaller, isolated segments. This can limit an attacker's lateral movement and contain the damage if one part of the network is compromised, which is critical for protecting OT environments from IT network intrusions.
- Incident response plan: Develop, maintain, and regularly test a comprehensive incident response plan. Know whom to call and what steps to take the moment a breach is detected, so that damage and recovery time are minimized.