A Gaza-based threat actor known as Storm-1133 has been implicated in a series of cyberattacks targeting Israeli private-sector organizations in the energy, defense, and telecommunications sectors.
Microsoft disclosed these findings in its fourth annual Digital Defense Report, linking the group’s activities to furthering the interests of Hamas, the de facto governing authority in the Gaza Strip. Storm-1133’s campaign combined social engineering with fraudulent LinkedIn profiles impersonating Israeli human resources managers, project coordinators, and software developers. Its objectives included contacting targets, conducting reconnaissance, and delivering phishing messages and malware to employees of Israeli organizations.
Additionally, Microsoft observed Storm-1133 attempting to infiltrate third-party organizations with public associations to Israeli interests. To enhance their capabilities and evade detection, the group employed a technique that allowed them to dynamically update their command-and-control (C2) infrastructure hosted on Google Drive.
According to Microsoft, this approach also allowed them to stay ahead of certain network-based defenses. The revelation coincides with an uptick in hacktivist operations amid the Israeli-Palestinian conflict, including attacks on government websites and IT systems in Israel, the U.S., and India.
The report also highlights a shift in nation-state threats, with a move away from disruptive operations towards long-term espionage campaigns. Nations like the U.S., Ukraine, Israel, and South Korea are emerging as high-priority targets in regions including Europe, the Middle East, North Africa, and the Asia-Pacific.
State actors from Iran and North Korea are demonstrating increased sophistication in their cyber operations, narrowing the gap with actors like Russia and China. These developments are evident in the use of custom tools and backdoors to facilitate persistence, evade detection, and steal credentials.