Hacktivists Launch Coordinated Cyberattacks on 20+ Sectors Amid Iran–Israel Tensions

Following Israeli airstrikes on Iranian military and nuclear facilities in June 2025, over 80 hacktivist groups have launched coordinated cyber operations against Israeli infrastructure.

Pro-Iranian and pro-Palestinian groups dominate this surge, exploiting geopolitical tensions to target government systems, energy infrastructure, and industrial control networks.

Cybersecurity analysts warn that nation-state actors (“faketivists”) are disguising operations within this activity, blurring attribution lines and increasing escalation risks.

Key Groups and Attack Vectors

According to the report, Mr Hamza leads operations using Abyssal DDoS V3 and botnets (Maple, Onyx C2) against Israeli military suppliers like Elbit Systems and energy firms like Paz Oil.

GhostSec employs GhostLocker ransomware and GhostStealer malware to compromise industrial systems, breaching 100+ Modbus PLCs and satellite VSAT devices.

Dark Storm Team leverages the Arthur C2 botnet for DDoS-for-hire services, disrupting Israeli Supreme Court and Ministry of Justice portals.

These groups form alliances like the Z-Alliance and Anonymous Kashmir-Mr. Hamza coalition, amplifying impact through shared resources and ideological narratives.

Faketivism and State-Sponsored Threats

Nation-state actors masquerade as hacktivists to maintain plausible deniability.

Cyber Av3ngers (linked to Iran’s IRGC) deploy the IOControl Linux backdoor to sabotage Unitronics PLCs in water facilities.

Handala Hack Team uses phishing-driven wipers (Hatef for Windows, Hamsa for Linux) targeting Israeli entities like Delek Group.

Conversely, Israeli-aligned Predatory Sparrow employs custom wipers (Meteor, Stardust) against Iranian infrastructure, as seen in the Nobitex cryptocurrency exchange attack.

Emerging Threats and Mitigation

Expect intensified DDoS campaigns against Israeli energy/defense sectors and spillover attacks on U.S./U.K. allies.

Pro-Israeli retaliatory operations (e.g., Predatory Sparrow) may escalate, while hacktivist propaganda amplifies psychological warfare.

Organizations must prioritize:

• Real-time monitoring of ICS/OT systems (e.g., Siemens S7 PLCs)
• Threat-hunting for botnet C2 traffic (e.g., Squid C2, RebirthStress)
• Patching vulnerabilities like F5 exploits, abused by Handala.

This cyber conflict underscores how geopolitical crises fuel digital warfare, demanding agile defense strategies against both ideological hacktivists and state-backed faketivists.

Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant updates

The post Hacktivists Launch Coordinated Cyberattacks on 20+ Sectors Amid Iran–Israel Tensions appeared first on Cyber Security News.