
OpIsrael Campaign 2022




OpIsrael campaigns started way back in 2013 when Anonymous, the hacktivist cyber organization, launched a coordinated cyber-attack against Israeli websites. The attack dealt no actual damage but since then, every year around April 7th, Threat Actors try to attack various Israeli websites. In the 2019 campaign, over 120 websites were breached by various Threat Actors. The hackers installed a hidden backdoor on the servers that allowed them to erase the site, vandalize it and even use it to infect other users. OpIsrael is a great opportunity for organizations with a political agenda to try and attack Israel in cyberspace. The list of websites attacked includes municipal websites, private organizations, and more.

In this report, we highlight the main threats and findings from our monitoring of the most influential organizations and groups that might take part in activity against Israel in the upcoming OpIsrael campaign, and map their potential targets and TTPs. The findings are based on monitoring the Argos™ platform and several social media accounts and pages of anti-Israeli hacktivists known for participating in former OpIsrael campaigns.

While most of the posts and tweets are meant only to intimidate and threaten, others included actionable Israeli IOCs (domains, exploitable IPs, leaked credentials) to encourage others to attack Israel in the upcoming OpIsrael event.

Notably, all groups are currently conducting an ‘OP’ campaign not only against Israel, but also against several “aggressive” countries (from their point of view) currently in the midst of military conflicts. The main countries are Israel, Russia, India and Indonesia.

Cyberint found that an influx in the activity against Israel on social media occurred at the beginning of December 2021 when hacktivists began warning Israel about the upcoming OpIsrael campaign, in addition to several Israeli companies from the private sector that had already been hacked.

Lastly, Cyberint recommends reinforcing the security network infrastructure against DDoS attacks and SQL injections as those are the types of attacks that were recognized as commonly used by the hacktivist groups of the OpIsrael Campaign.

Main ‘OpIsrael’ Active Groups

Cyberint identified the main hacktivist groups traditionally participating in the OpIsrael campaigns. Most groups have several branches or sub-groups based on geographic location, mainly in Israel, India, Malaysia, Singapore, and Indonesia. All groups collaborate and are managed by hacktivists, but the professionalism and sophistication of their members differ significantly between groups.

Some groups seem to be more advanced and sophisticated than others. They often publish very detailed information such as a list of potential targets and give recognition to the Threat Actors over successful cyber attacks in addition to tools for conducting attacks. One of these groups took responsibility for attacking more than 200 Israeli Websites.

Other groups publish mainly political propaganda posts, threat videos, slogans and hashtags to later be used in social media campaigns. Both types of activity can be seen in all groups and aim to encourage others to attack Israeli websites by providing propaganda alongside multiple lists of domains and exploitable IPs.

Figure 1 - Reconnaissance reports on Israeli Websites
Figure 2 - SQL injection


  • Cyberint will keep monitoring the mentioned groups throughout the campaign period to identify any activity or additional IOCs that could indicate which are the potential targets in this campaign.
  • As DDoS attacks are a very common technique used by hacktivist groups, it is advised to prepare the security network infrastructure for this type of attack by ensuring the following tools and procedures are set up accurately:
    • Load balancer server that will ensure you do not have any network bottlenecks or single points of failure.
    • Firewall and intrusion detection systems that are able to act as traffic-scanning barriers between networks.
    • Backup servers infrastructure and DDoS response plan in case of a successful DDoS attack.
  • As SQL injection was recently used by the Anonymous group in the OpRussia campaign, it is advised to prepare the security network infrastructure for this type of attack by ensuring the following tools and procedures are set up accurately:
    • Utilizing parameterized database queries with bound, typed parameters and careful use of parameterized stored procedures in the database.
    • Firewall, WAF, and intrusion detection systems to be able to block any suspicious activity.
    • Endpoint security that ensures network endpoints do not become an entry point for malicious activity.
    • Segregate SQL servers containing sensitive information from SQL servers that are front-facing and receive data from users as much as possible.
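
The parameterized-query recommendation above, shown as an added example that is not part of the original report: a string-built lookup beside its bound, typed equivalent. The table, function names and input values are constructed for illustration, and SQLite stands in for whatever database a site actually uses.

```python
import sqlite3

def make_db():
    """Constructed sample data: an in-memory table standing in for a site's user store."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users (id, name, email) VALUES (?, ?, ?)",
        [(1, "alice", "alice@example.test"),
         (2, "bob", "bob@example.test"),
         (3, "carol", "carol@example.test")],
    )
    return db

def find_user_concat(db, name):
    """Weak form: user input is pasted into the SQL text, so it can change the query."""
    sql = "SELECT id, name FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def find_user_bound(db, name):
    """Hardened form: the SQL text is constant; input travels only as a bound value."""
    if not isinstance(name, str) or len(name) > 64:
        raise ValueError("name must be a string of at most 64 characters")
    return db.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()

def find_user_by_id_bound(db, raw_id):
    """Typed parameter: coerce to int before binding; non-numeric input is rejected."""
    user_id = int(raw_id)  # raises ValueError for anything that is not an integer
    return db.execute("SELECT id, name FROM users WHERE id = ?", (user_id,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    crafted = "nobody' OR '1'='1"  # constructed input containing SQL syntax
    print("concat:", find_user_concat(db, crafted))  # every row comes back
    print("bound: ", find_user_bound(db, crafted))   # no row matches the literal string
    print("typed: ", find_user_by_id_bound(db, "2"))
```

The same input that widens the string-built query to the whole table is treated as an ordinary, non-matching name once it is bound, which is why the fix belongs in the application code as well as in the WAF.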





Israeli websites that might be targeted, Government, banks and E-commerce:
