A new group calling itself Hezi Rash (Black Force in Kurdish) has emerged as a growing power in the world of hacktivism, according to the latest research report from Check Point’s External Risk Management.
This nationalist collective, reportedly established in 2023, uses cyberattacks, primarily DDoS (Distributed Denial-of-Service), to target countries seen as threats to Kurdish or Muslim communities.
Targets and Tactics
Check Point’s research team, led by Cyber Threat Intelligence Analyst Daniel Sadeh, found that Hezi Rash views itself as a digital defender of Kurdish society and ties its operations directly to political and religious issues. They state their goal is to be a “Kurdish national team working to help and protect Kurdish society.” The group is active on Telegram, TikTok, YouTube, and X (formerly Twitter).
Their primary weapon, the DDoS attack, works by flooding a website with overwhelming junk traffic, causing it to crash. The group has claimed responsibility for attacks around the world, including:
- Japan – 23.5%
- Türkiye – 15.7%
- Israel – 14.6%
- Germany – 14.2%
- Iran – 10.7%
- Iraq – 7.5%
- Azerbaijan – 5.7%
- Syria – 4.3%
- Armenia – 3.9%
Notably, they retaliated against Japanese anime sites over a burning Kurdish flag depiction and targeted Israeli platforms during the #OpIsrael campaign, showing the strong role of national symbols and Islamic hacktivist narratives in their motivation.
Researchers documented roughly 350 DDoS attacks linked to Hezi Rash between early August and early October, which is a significantly higher volume than what is typically seen from other hacktivist groups of a similar size in the same time frame.
Key Alliances
Further probing revealed that Hezi Rash does not openly share its exact methods, but it clearly relies heavily on powerful alliances. The group is linked to other well-known hacktivist collectives such as Keymous+, Killnet, and NoName057(16).
This network allows Hezi Rash to likely access capabilities from DDoS-as-a-Service (DaaS) platforms like EliteStress, which are rental services allowing users with little technical expertise to launch attacks.
They also use tools like Abyssal DDoS v3, developed by Mr. Hamza, an anti-Israel hacktivist group. Since these collaborations are often built on mutual gain over shared ideology, the rise of Hezi Rash highlights hacktivism’s shift toward rented DaaS tools, making political disruption easier and them a persistent concern.
To mitigate this threat, organisations are advised to implement strong defences, including using DDoS mitigation services, deploying Web Application Firewall (WAF) challenge pages, and closely monitoring for traffic spikes from residential IPs.
