According to an analytical report reviewing cyber operations by resistance supporters, it is estimated that about 40 percent of the Israeli regime’s intelligence systems were disrupted or slowed at various points during the two-year war. In addition, large-scale phishing campaigns and DDoS attacks were carried out against energy and telecommunications centers.
In an analytical report, the Cyber Information Institute examined cyber operations by resistance groups against Israel following October 7, 2023.
These attacks targeted critical infrastructure, military systems, and official Israeli media, with more than 2,500 coordinated cyberattacks carried out by groups affiliated with the resistance axis over a short period.
Meanwhile, the Israeli regime, with support from Western cybersecurity companies including Microsoft and Check Point, responded to restore digital stability, highlighting the strategic importance of this battle.
Other attacks included penetration of public alert systems, temporary shutdowns of government servers, and disclosure of sensitive military data.
Types of Cyberattacks
Cyberattacks between Gaza supporters and Israel were analyzed for a period of 100 days from the start of the Al-Aqsa Storm operation on October 7, 2023. The attacks included:
Industrial Infrastructure Attacks (SCADA/ICS systems): Targeting controllers, sensors, and software managing factories, power plants, refineries, electricity networks, and water facilities. Attackers manipulated data and commands to disrupt processes, cause shutdowns, alter safety parameters, or disable critical facilities.
Data Leaks: Unauthorized disclosure of sensitive personal, financial, corporate, or government information. These leaks occurred through hacking, server misconfigurations, or insider disclosures, leading to privacy violations, identity theft, financial loss, reputational damage, and legal issues.
IoT Hacking (Explosion of IoT Devices): Exploiting connected devices (cameras, thermostats, sensors) to control them, steal data, or create botnets. Vulnerabilities include default passwords, poor updates, and hardware/software limitations.
Defacement (Website Hacking): Changing the appearance of a website to display attacker messages or propaganda.
Ransomware: Malicious software encrypting files or systems, demanding payment for restoration. Methods include phishing, exploiting vulnerabilities, or infected downloads.
Distributed Denial of Service (DDoS): Overloading servers or networks with high traffic to make services unavailable. Usually launched via botnets. Effects include temporary website downtime, slow online services, and business disruptions.
Analysis shows that DDoS attacks were the most common but least damaging, while infrastructure attacks, though fewer in number, had the highest impact.
Cyber battles following Al-Aqsa Storm occurred primarily between Gaza supporters and the Israeli regime, with the attackers being mostly anonymous groups.
The Zionist regime and its supporters: Many anonymous groups were affiliated with the US, the UK, Germany, and Australia.
Hacker Groups Supporting Gaza: Some participated in large group operations rather than acting independently. Analysis included attack volumes, number of participating groups, and probable affiliations.
Timeline of Cyberattacks
October 12–21: Surge in attacks coinciding with Israeli attacks on Al-Shifa and Al-Awda hospitals.
November 6–11: Intensified cyberattacks during the assault on Al-Maghazi camp.
November 16–22: Increase during Israeli attacks on Indonesia Hospital and al-Fakhoora school.
November 28–December 7: Temporary Gaza-Israel ceasefire; tensions in the Strait of Hormuz, a Yemeni attack on a US ship, and an Israeli strike on Khan Yunis led to renewed cyber assaults.
December 17–30: Cyberattacks escalated following the “Predatory Sparrow” hacker group's attack on Iran’s fuel distribution and the assassination of Seyed Reza Mousavi in Syria.
January 9–13: ISIL attacks guided by Mossad on the anniversary of General Soleimani triggered further attacks.
Targeted critical infrastructure included water/wastewater systems, power plants, refineries, petrochemical plants, industrial facilities, and smart city management systems, attacked through SCADA and industrial automation. Active countries included Yemen, occupied Palestine, the US, Canada, Lebanon, and Iran.
Hacker groups sought personal, governmental, military, and other data, exploiting vulnerabilities to obtain sensitive information.
Despite strong support from the US and NATO countries, Israel remained vulnerable against not only Iran but also groups from Bangladesh, Indonesia, and Yemen. Combined operations by resistance-aligned hackers paralyzed Israeli cyber networks and hindered decision-making.
The report concludes that as cyber technology advances, threats grow in parallel. In today’s polarized world, nations exploit digital domains to compensate for geographic weaknesses and maximize national interests. Developments in AI, automation, machine learning, and Big Data have created a new stage in global political conflicts, where Iranian actors and resistance groups have performed remarkably, demonstrating that resistance remains alive and strategically effective in cyberspace.