Pro-Russian Hacktivist Group Attacking Government Portals, Financial Services and Online Commerce


A sophisticated campaign orchestrated by multiple hacktivist groups has emerged, targeting government portals, financial services, and online commerce platforms across Israel and allied nations.

The coordinated cyber offensive, timed around the October 7 anniversary, demonstrated unprecedented levels of organization and cross-ideological cooperation among geographically dispersed threat actors.

The campaign peaked on October 7, 2025, with over 57 distributed denial-of-service attack claims recorded in a single day, representing a 14-fold increase from the September 2025 daily average.

The multi-pronged assault involved several prominent hacktivist collectives, with Arabian Ghosts leading the charge by claiming responsibility for over 40% of all attack attempts.

Supporting groups included Keymous+, OpIsrael, and notably, NoName057(16), a pro-Russian hacktivist collective that demonstrated the blurring of traditional geopolitical boundaries in cyber warfare.

The participation of Russian-aligned actors in a predominantly pro-Palestinian campaign illustrates how shared adversaries can unite hacktivists from distinct ideological spheres, creating more resilient and far-reaching cyber coalitions.


Radware analysts identified that most attacks remained short-lived but strategically focused on high-visibility targets across critical infrastructure sectors.

The targeting pattern revealed a calculated approach to maximize public impact, with government websites accounting for the largest share of attack claims, followed by financial services institutions and online commerce platforms.

Beyond these primary targets, the campaign extended to education, healthcare, manufacturing and retail sectors, each representing approximately 7% of total attack claims, suggesting opportunistic target selection designed to amplify perceived operational success.

The attackers employed a sophisticated propaganda and coordination infrastructure, utilizing Telegram channels and social media platforms as real-time command centers.

Groups like Sylhet Gang functioned primarily as propaganda orchestrators rather than direct operational actors, leveraging their extensive social media presence to amplify calls for coordinated action and mobilize affiliated networks.

This approach proved highly effective, with the temporal correlation between public mobilization messages and subsequent attack waves demonstrating strong organizational capabilities within the hacktivist ecosystem.

Attack Infrastructure and Persistence Mechanisms

The campaign’s technical architecture revealed advanced coordination capabilities, with threat actors implementing multi-layered verification systems to substantiate their claims.

Participating groups consistently shared check-host verification links as proof of successful disruptions, creating a transparent accountability mechanism that enhanced credibility within hacktivist communities.

This verification approach represented a significant evolution from previous campaigns, where claims often lacked substantive technical evidence.

NoName057(16) extended its operations beyond Israeli targets, conducting simultaneous attacks against German infrastructure while describing Germany as pro-Israeli in its messaging.

DDoS attack claims per day targeting Israel between October 1 and 12, 2025 (Source – Radware)

The group’s DDOSIA volunteer network facilitated crowdsourced attack capabilities, demonstrating how legitimate volunteering frameworks can be repurposed for coordinated cyber operations.

Historical analysis of NoName057(16) operations shows consistent patterns of leveraging major geopolitical flashpoints to amplify visibility and reinforce ideological messaging, positioning the group as a persistent actor in information warfare campaigns.

The campaign’s persistence mechanisms included server compromises across multiple jurisdictions, with Sylhet Gang claiming to have compromised dozens of Israeli, American and European servers.

According to the group’s statements, they implemented multi-stage infection processes involving system defacement, proof-of-concept file uploads, data exfiltration, and malicious software installation.

However, many of these claims remained unverifiable, highlighting the propaganda-focused nature of some participating groups rather than their technical sophistication.


About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.