IRoX Team declares global Hacktivist attacks to support Palestine
Australia named in global campaign
This is an ‘Alert but not Alarmed’ report for countries mentioned.
TLDR
IRoX Team has declared a global hacktivist campaign running from 20 October to 30 October to support Palestine and target countries that support Israel.
It is the first time Australia has been mentioned and threatened with cyber attacks as a result of support for Israel.
IRoX Team has claimed several breach and leak attacks against India - but it is unclear if these were legitimate.
IRoX Team has not posted any claimed defacement or DDoS attacks, but the creator of the group has conducted DDoS attacks, so we will likely see DDoS attacks conducted in this campaign.
IRoX Team posts in English, but it appears the creator of the group is a hacktivist claiming to be from Bangladesh.
It is unclear if this is a highly credible threat, but it is worth network defenders being aware of possible attempts on or around the dates named by the group.
Based on IRoX Team's previous targeting and likely capability, the targets will likely be small and medium businesses.
On October 19th 2023 a recently created Telegram group calling themselves IRoX Team declared that they would conduct cyber attacks against multiple countries over a 10-day stretch:
All countries other than Australia have been previously targeted or threatened with attacks already since October 7th.
The group started posting to their current Telegram channel on September 22nd and, like many pro-Muslim hacktivist groups, they have conducted alleged attacks against India. They have to date posted 10 alleged breach and leak attacks (when a network is breached and data is leaked for free without any financial demand) against Indian organizations. It is unclear if any of these attacks are legitimate.
The group has not claimed any defacement or DDoS attacks - however, the likely creator of the group has conducted DDoS, making it likely we will see DDoS attacks during this campaign.
Some points to note about the group:
All their posts are in English, including comments and discussions with group members.
The group claims to be ‘full’ and does not need new members.
It is unclear what country the group might be aligned to, but the possible creator of the group has claimed to be from Bangladesh.
At the time of writing, several currently active anti-Israel hacktivist groups have amplified the declaration made by IRoX Team:
Sylhet Gang-SG
Garuda Security
Ganosec Team
Is this a credible threat?
It is unclear at this time if this group is capable of conducting the breach and leak attacks they claim against Indian organizations. Breach and leak attacks can be replicated with relative ease in a few ways:
The group will search Google for any PDFs and spreadsheets related to an organization, collate them and then release that as breached data - in reality it is open-source data.
The group can use previously breached data that is freely available across underground forums and other telegram chats to then put together and claim a breach.
Overall this group has high intent to conduct cyber attacks, which makes it an ‘alert but not alarmed’ posture until we can get verification of their capabilities.
Possible targets
Based on historical targeting and possible capabilities, IRoX Team will likely target small and medium businesses in the countries named. These are organizations that hacktivist groups see as easier targets for attacks.
We will have a better understanding of what alleged attacks the group will try to conduct once the campaign starts on 20 October. If they conduct DDoS attacks then targeting may change to go after critical infrastructure and government as well as small and medium businesses.
Just be prepared that they may begin to claim attacks.
Preparations
A few things to keep an eye out for; these are general precautions for any hacktivist activity.
Remain vigilant about emails and messages relating to the Israel situation: if this group and others are seeking network access they will leverage the current geopolitical situation.
Understand what data you have available in open sources, in particular things that look official, such as documents with company letterheads; if they collate these they might claim they breached your network.
Have an understanding of past data breaches your organization may have been involved in, so that you can tell whether any claimed data is legitimate and where they may have collected it from.
Have some form of DDoS protection, for your main websites in particular; often the DDoS attacks conducted by hacktivist groups can be mitigated with DDoS protection.
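To show how the two fabrication methods described under ‘Is this a credible threat?’ can be checked against the open-source and past-breach inventory recommended above, here is a small Python triage script. It is an added example, not part of the original report; the public documents, prior-breach emails and ‘leaked’ files in it are constructed placeholders.

```python
import hashlib
import re
from collections import Counter

EMAIL_RE = re.compile(rb"[\w.+-]+@[\w-]+\.[\w.-]+")

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def triage_claimed_leak(claimed_files, open_source_hashes, prior_breach_emails):
    """Label each file in a claimed leak:
    open-source  - content hash matches a document already public on the web
    prior-breach - every email in the file is in a breach we already know about
    unverified   - neither explanation fits, so it needs a real investigation
    Hashing means renaming a public document does not hide where it came from."""
    labels = {}
    for name, data in claimed_files.items():
        if sha256(data) in open_source_hashes:
            labels[name] = "open-source"
            continue
        emails = {m.decode("utf-8", "replace").lower() for m in EMAIL_RE.findall(data)}
        if emails and emails <= prior_breach_emails:
            labels[name] = "prior-breach"
        else:
            labels[name] = "unverified"
    return labels

def summarise(labels):
    """Count labels so an analyst sees how much of the claim is genuinely unexplained."""
    return dict(Counter(labels.values()))

# Constructed inventory (placeholders, not real data): documents the organisation knows
# are crawlable by search engines, and emails from a breach it was previously part of.
PUBLIC_DOCS = [b"%PDF-1.4 Annual Report 2022 (constructed)", b"%PDF-1.4 Press kit (constructed)"]
OPEN_SOURCE_HASHES = {sha256(d) for d in PUBLIC_DOCS}
PRIOR_BREACH_EMAILS = {"alice@example.com", "bob@example.com"}

# Constructed "leak": a renamed public PDF, a recycled old dump, and a file with a new address.
CLAIMED_LEAK = {
    "confidential_report.pdf": b"%PDF-1.4 Annual Report 2022 (constructed)",
    "users_dump.csv": b"email\nalice@example.com\nBob@example.com\n",
    "hr_export.csv": b"email\ncarol@example.com\nalice@example.com\n",
}

if __name__ == "__main__":
    result = triage_claimed_leak(CLAIMED_LEAK, OPEN_SOURCE_HASHES, PRIOR_BREACH_EMAILS)
    for name, label in result.items():
        print(f"{label:12} {name}")
    print(summarise(result))
```

Only the ‘unverified’ bucket warrants incident-response effort; the other two buckets are evidence that the group is repackaging data that was already outside your network.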
Keep an eye on https://twitter.com/Cyberknow20 and https://twitter.com/arb0ur as we continue to provide updates. Or, reach out to any vendors you have for more insights.