Pro-Israeli Hacktivist Group 'Predatory Sparrow' Reappears

Cyber Security Threat Summary:
A hacktivist group supporting Israel, known as Predatory Sparrow, has resurfaced recently. Last week, the group broke its year-long silence by posting a tweet referencing the ongoing Gaza conflict, warning of its return and sharing a link to a report about the United States sending fighter planes and warships to aid Israel. Predatory Sparrow is recognized as a relatively advanced Israeli hacking operation, and it has a track record of conducting disruptive attacks in Iran, aimed at undermining the Iranian government.

According to Cyberscoop, between 2021 and 2022, Predatory Sparrow conducted two significant operations. In October 2021, they targeted Iran's payment system for fuel pumps, disrupting fuel access and urging frustrated motorists to contact Iran's supreme leader. In June 2022, they struck again, targeting steel facilities linked to the Islamic Revolutionary Guard Corps. During this attack, they released closed-circuit video showing significant damage, demonstrating strategic and professional capabilities.

Predatory Sparrow's sophistication lies in its calculated restraint, signaling its capabilities without fully deploying them. This sets them apart from typical hacktivist groups that engage in less strategic activities. While Predatory Sparrow has not claimed government affiliation, anonymous U.S. defense officials suggested Israeli involvement in the operation against Iranian gas stations. There are also hints of connections to the Israeli government, such as Israeli military leaders investigating leaks related to the attacks on steel facilities.

Additionally, there are indications that the Iranian government views Predatory Sparrow as an Israeli operation. In July 2022, a group known as "Homeland Justice," linked to the Iranian government, used destructive malware and a logo mocking Predatory Sparrow's branding during an operation related to an Iranian opposition group conference in Albania.

Security Officer Comments:
While the main focus of the conflict remains on military operations, various shadowy "hacktivist" groups on both sides have engaged in distributed denial-of-service attacks, website defacements, and triggering false alarms on mobile apps since the fighting began. The presence of state-sponsored hacking groups, hacktivists, pro-Iran information operations, and information operations associated with China indicates that the Israel-Hamas conflict is drawing attention from hacking crews and intelligence agencies worldwide.

Suggested Correction(s):

  • Defense-in-depth strategy: A comprehensive defense-in-depth strategy is crucial to combat APTs. This includes implementing multiple layers of security controls, such as strong perimeter defenses, network segmentation, endpoint protection, intrusion detection systems, data encryption, access controls, and continuous monitoring for Threat intelligence and sharing: Ideally, organizations should actively participate in threat intelligence sharing communities and collaborate with industry peers, government agencies, and security vendors. Sharing information about APTs and their techniques can help detect and mitigate attacks more effectively.
  • Employee education and awareness: Regular security awareness programs, phishing simulations, and training sessions can educate employees about the latest threats, social engineering techniques, and safe computing practices.
  • Incident response and recovery: Despite preventive measures, organizations should have a well-defined incident response plan. This includes incident detection, containment, eradication, and recovery procedures to minimize the impact of APT attacks and restore normal operations.
  • Link(s):