During times of conflict, cybersecurity becomes crucial in geopolitics. Offensive cyber operations have become widespread, but the tactics, timing, and objectives of threat actors can vary significantly. For example, with Russia’s invasion of Ukraine, we observed and shared a report on how cyber tactics can support military action.
In our recent report, Israel-Hamas Cyber War: The Primary Tool of Conflict, we present our findings on a different tactical approach and the escalation in offensive cyber operations following the October 7 terrorist attacks. Notably, after the terrorist attacks by Hamas, we noticed an increasing number of cyber operations by Iran and Hezbollah-linked groups that became more focused, concentrated, and aimed at undermining public support for the war, among other objectives.
The current report serves as the latest example of how cyber operations are used as the primary tool of conflict. They offer a lower-cost, lower-risk means for rivals to engage in conflict, gather information, disrupt daily life, and shape public perceptions, all while remaining below the threshold of direct confrontation.
Google has been tracking and protecting users from cyber threat activity before, during, and after the Hamas terrorist attacks on October 7. The current report, based on analysis from Google’s Threat Analysis Group (TAG), Mandiant, and Trust & Safety teams, presents new findings on Iranian-government-backed phishing campaigns, hack-and-leak and information operations (IO), as well as disruptive attacks targeting Iran and Hamas-linked cyber operations.
