Saher Naumaan
Following Frankenstein (and Friends): Hamas Cyber Operations In and Out Conflict
For over a decade, Hamas has engaged in cyber operations against other Palestine-based groups such as Fateh, as well as against Israeli individuals, the country’s military, and other organisations. These initially encompassed rudimentary, blanket operations, progressing to more tailored social engineering and mobile malware, as well as information operations.
Since Hamas’ attack on Israel on 7 October, there has been speculation about cyber operations from Hamas-linked threat actors, many of which have been active for several years but often absent from reporting on the threat landscape. Several Hamas-linked groups have remained quiet since the recent conflict’s inception – including Arid Viper, SysJoker, and Gaza Hacker Team – likely due to involvement in or preoccupation with ongoing kinetic operations in Gaza. However, one threat group called Frankenstein, continues to be active – in both conventional and possibly unconventional ways.
This presentation will provide context of Hamas cyber operations and history, as well as a look back at the operations (or lack thereof) of Palestinian-nexus, Hamas-affiliated groups in the last year of the Israel-Hamas conflict. We track the technical features of historical and current Frankenstein campaigns, showing their consistencies and their evolutions in infrastructure, malware, and their infection chain. Finally, there is some evidence that through Frankenstein operations, Hamas may have ventured into destructive operations targeting Israel in 2024, which is a significant milestone in the group’s development. The presentation will also identify gaps and put forward unanswered questions about Frankenstein, ending with significant insights into Hamas cyber operations as well as how these sets of activity may progress in future.
Saher Naumaan is a Principal Threat Intelligence Analyst at BAE Systems Digital Intelligence. She researches state-sponsored cyber espionage with a focus on threat groups and activity from the Middle East and North Korea. Saher specialises in tracking actor infrastructure and analysis covering the intersection of geopolitics and cyber operations. She regularly speaks at public and private security conferences around the world. In 2022-2023, Saher was a fellow in the first cohort for the European Cyber Conflict Research Initiative (ECCRI).
