Threat Actor Characterization
Israel Cyber Defense
ID: 415a6974cec2575e03136bae36f5146d | ICD | IsraelCyberDefense | — | — |
Israel Cyber Defense (ICD) — pro-Israel hacktivist entity/channel cited in multiple 2023–2025 conflict roundups. Evidence shows a Telegram presence and inclusion in rosters of groups active around DDoS/defacement narratives; direct, independently verified operations specifically attributable to ICD are limited in OSINT. Treat primarily as an amplification/coordination node.
| Technique | Technique name | Tactics | Evidence |
|---|---|---|---|
| T1585 | Establish Accounts | TA0042 | |
| T1102 | Web Service | TA0011 | |
| T1498 | Network Denial of Service | TA0040 | |
CLASSIFICATION: Unclassified / Open Source
Executive Summary
Israel Cyber Defense (ICD) appears in multiple threat-intel roundups as a pro-Israel hacktivist entity / channel active since at least October 2023, cataloged alongside other pro-Israel banners that mobilized online during the Gaza/Israel war and subsequent Iran–Israel cyber escalations. Public evidence shows presence and activity as a Telegram channel and mentions in curated lists of groups engaged in DDoS/defacement narratives, but direct, independently verified operations specifically attributable to ICD are limited in open sources. ICD should therefore be treated primarily as an amplification and coordination node within the pro-Israel hacktivist ecosystem, with low demonstrated technical capability and media/propaganda value as its main impact vector. Confidence: medium-low (multi-source listings; sparse first-party forensics).
- Positioning. Listed by DarkOwl, SOCRadar, Flashpoint, CYFIRMA and Trustwave/SpiderLabs among pro-Israel groups active in the 2023–2025 conflict period; ICD is specifically referenced by name (often as “ICD – Israel Cyber Defense”).
- Footprint. A Telegram channel presence is observable in third-party indexing (handle variants like @icyberdefence), consistent with other pro-Israel banners that use Telegram for claims, “ops” broadcasts, and re-posts.
- Objectives (observed ecosystem). Counter-messaging vs. pro-Hamas / pro-Iran hacktivists; visibility and morale for the pro-Israel audience; potential mobilization for nuisance-level actions (DDoS/defacement claims) typical of the broader milieu. INFERENCE (medium) based on comparative analyses of the Israel–Iran hacktivist front where only “4–5 pro-Israel groups” regularly responded.
- Mode. Media-first posture (lists, threads, infographics, “ops” announcements) more than demonstrable deep intrusions, in line with most hacktivist campaigns during the period.