Cyber Toufan: Pro-Palestinian Hackers Target Israeli Groups in Ongoing Cyber War

A pro-Palestinian hacking group called Cyber Toufan—which means "cyber storm"—has emerged as a growing threat to Israeli organizations amid the ongoing Israel-Gaza conflict.

Over the past year, the group has carried out more than 100 cyberattacks, focusing on Israel’s most critical sectors, including government, defense, finance, and infrastructure. Unlike financially motivated cybercriminals, Cyber Toufan is politically motivated. Its goal is to disrupt systems, cause confusion, and damage reputations.

The group times its attacks and leaks carefully, often using Telegram and other leak sites to release stolen data. These leaks are not random—they target organizations with direct or indirect connections to Israel, increasing the impact of each breach.

How They Hack

Investigators from cybersecurity firm OP Innovate studied several confirmed attacks and found a clear pattern. Cyber Toufan often gains access by using weak or reused passwords that lack multi-factor authentication (MFA). These credentials are usually linked to third-party services like VPNs and firewalls from Israeli companies such as Bezeq or Partner.

Once inside, the hackers move quietly within the network, using common tools like PowerShell and SMB/Windows Admin Shares—avoiding advanced malware to stay hidden. They often take advantage of poor internal security, including unguarded file servers and even guest accounts with no passwords.

Their methods map onto the well-known MITRE ATT&CK framework, covering techniques from discovery of the compromised environment to defense evasion through the use of legitimate tools.

Often, these hackers go undetected for weeks, only releasing the stolen data at carefully chosen times—usually when it will gain the most attention in the media or align with global political events.

Weak Defenses Help Hackers Succeed

Experts say that Cyber Toufan’s success isn’t just due to their skills—it’s also because many of their targets lack basic cybersecurity measures. Common issues include:

• No centralized logging or audit trails

• Logs being kept for only a day

• No network segmentation, allowing hackers to move freely

Without proper monitoring tools or real-time alerts, many organizations don’t even realize they’ve been hacked until data is already leaked.
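The kind of alerting the article says many victims lack can be simple. The following is an added example, not code from the article or from OP Innovate: it runs over constructed log lines loosely modelled on Windows share-access audit events (event 5140) and flags the two behaviours described above, guest-account access to file shares and one source touching administrative shares (C$, ADMIN$, IPC$) on several hosts. The field layout, host names, addresses and the fan-out threshold are all assumptions.

```python
import re
from collections import defaultdict

# Constructed sample audit lines (field layout is an assumption, not a real
# Windows export). One source, 10.0.9.77, walks admin shares across hosts.
SAMPLE_LOGS = r"""
2024-05-02T01:12:07Z EventID=5140 Account=svc_backup SrcIP=10.0.5.21 Share=\\FS01\Backups
2024-05-02T01:12:09Z EventID=5140 Account=guest SrcIP=10.0.9.77 Share=\\FS01\C$
2024-05-02T01:12:40Z EventID=5140 Account=jdoe SrcIP=10.0.9.77 Share=\\FS01\ADMIN$
2024-05-02T01:13:02Z EventID=5140 Account=jdoe SrcIP=10.0.9.77 Share=\\DC01\ADMIN$
2024-05-02T01:13:10Z EventID=5140 Account=jdoe SrcIP=10.0.9.77 Share=\\HR-FS\C$
2024-05-02T02:00:00Z EventID=5140 Account=alice SrcIP=10.0.3.14 Share=\\FS01\Public
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=5140 Account=(?P<account>\S+) "
    r"SrcIP=(?P<src>\S+) Share=\\\\(?P<host>[^\\]+)\\(?P<share>\S+)$"
)
# Administrative shares: drive letter shares (C$), ADMIN$ and IPC$.
ADMIN_SHARE_RE = re.compile(r"^(ADMIN|IPC|[A-Z])\$$")
# Distinct hosts whose admin shares one source/account pair may touch before
# we alert. Tuning value is an assumption; set it from your own baseline.
FANOUT_THRESHOLD = 3


def parse(log_text):
    """Return one dict per well-formed share-access line, skipping others."""
    return [m.groupdict() for line in log_text.splitlines()
            if (m := LINE_RE.match(line))]


def detect(events):
    """Return alerts: guest share access and admin-share fan-out by one source."""
    alerts = []
    admin_hosts = defaultdict(set)  # (src, account) -> hosts with admin-share hits
    for e in events:
        if e["account"].lower() == "guest":
            alerts.append(("guest-share-access", e["src"], e["host"], e["share"]))
        if ADMIN_SHARE_RE.match(e["share"]):
            admin_hosts[(e["src"], e["account"])].add(e["host"])
    for (src, account), hosts in admin_hosts.items():
        if len(hosts) >= FANOUT_THRESHOLD:
            alerts.append(("admin-share-fanout", src, account, sorted(hosts)))
    return alerts


if __name__ == "__main__":
    for alert in detect(parse(SAMPLE_LOGS)):
        print(alert)
```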

What Organizations Can Do

To defend against such politically driven cyberattacks, experts recommend:

• Enforcing MFA for all remote access

• Removing unused or default accounts

• Segmenting networks with strict firewall rules

• Securing file servers with least-privilege access

• Investing in long-term logging (at least 90 days of log retention)

Cyber Toufan’s attacks show that even basic security oversights can lead to major breaches. Strengthening core cybersecurity practices is no longer optional—it’s essential to protect against modern threats in the digital age of warfare.
