3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
Anonymous Israel

Anonymous Israel

ID: 93273492f0bab116f76a31e91852d686
Hacktivist Group Data Leak Channel Hacktivism
Threat types: Hacktivism, DDos Attack, Data Leak, pro-Palestinian
Israel FRA, ISR, MYS, USA
Updated: 2026-03-14
Created: 2026-01-20
Progress: 83% Completeness: 88% Freshness: 70%
Operation zone: France, Israel, Malaysia, United States
Aliases Limited alias preview
AnonymousIsrael IsraelHackers אנ************
Showing 2 of 3 aliases in free preview.
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: medium
Actor Techniques page ATT&CK® Diagram

Anonymous Israel / Anonymous #OpIsrael Participants is a hacktivist cluster associated with pro-Palestinian Anonymous-branded campaigns targeting Israeli and allied entities. Activity is characterized by DDoS against public-facing services, external web and social-media defacements, and theft/leakage of credentials and personal data from compromised sites. Campaigns are often announced publicly (e.g., 'electronic holocaust') and timed with Gaza conflicts or symbolic dates, with impact skewed toward smaller or less-protected organizations rather than hardened national infrastructure.


Technique Technique name Tactics Evidence
T1491.002 External Defacement TA0040
  • 2015-04-06 — OpIsrael wave: Anonymous and AnonGhost defaced multiple Israeli government and business websites, replacing content with pro-Palestinian messages as part of a coordinated campaign. · ref
  • 2015-04-07 — Media reporting on the April 7 OpIsrael campaign describes dozens of Israeli websites, including a Knesset member's site and other small organizations, being defaced with pro-Palestinian slogans and Anonymous/AnonGhost signatures. · ref
  • 2014-07-31 — CSIDB documents defacement of multiple Connecticut government portals with pro-Palestine messages under an OpSaveGaza/OpIsrael-related campaign attributed to the same hacktivist cluster. · ref
  • 2015-07-13 — Malaysian Police social-media accounts were taken over and profile imagery replaced with ideological content by AnonGhost, cataloged under Anonymous #OpIsrael Participants, demonstrating defacement of external-facing accounts. · ref
T1498.001 Direct Network Flood TA0040
  • 2015-04-06 — CSIDB describes an OpIsrael operation where Anonymous and AnonGhost used DDoS attacks alongside defacements against Israeli government and commercial websites, disrupting availability. · ref
  • 2015-04-07 — News coverage of OpIsrael 2015 notes that pro-Palestinian hackers launched denial-of-service attacks on Israeli sites after Anonymous threatened an 'electronic holocaust' targeting government, military and financial infrastructure. · ref
  • 2015-04-07 — Campaign summaries of #OpIsrael2015 indicate claims of hundreds of sites attacked and DDoS actions advertised under the OpIsrael hashtag, with Israeli sources characterizing impact as limited but noting attempted floods. · ref
T1190 Exploit Public-Facing Application TA0001
  • 2014-09-08 — An OpIsrael-aligned incident lists an Israeli Ministry of Education subdomain being compromised and defaced by AnonGhost, implying exploitation of a vulnerable public-facing web application to alter site content. · ref
  • 2015-05-03 — Red Bull Malaysia’s official website was hacked and defaced by AnonGhost in an attack cataloged under Anonymous #OpIsrael Participants, indicating exploitation of the public-facing site to gain write access to web content. · ref
  • 2015-01-21 — CSIDB records defacement of French Interior/Defense ministry sites by AnonGhost as part of the same cluster; compromise of ministry web properties suggests exploitation of public web applications. · ref
T1589.001 Credentials TA0043
  • 2015-04-06 — A documented OpIsrael campaign against Israeli government and business sites resulted in the leak of personal data for roughly 150,000 Israeli citizens, including names, contact details and other identifying information. · ref
  • 2015-04-07 — Contemporary reporting on #OpIsrael2015 states that attackers claimed to have published phone numbers and addresses for Israeli officials along with other citizen data as part of their campaign. · ref
T1589.003 Employee Names TA0043
  • 2015-04-06 — CSIDB describes the same OpIsrael wave leaking thousands of credentials, including more than 2,000 PayPal logins, as well as account data tied to banks and other financial services in Israel. · ref
  • 2015-04-07 — Hacktivists behind #OpIsrael2015 publicly boasted of leaking large volumes of social media and PayPal credentials associated with Israeli targets, consistent with collection of financial and account identity data. · ref
T1078.003 Local Accounts TA0001 TA0003 TA0004 TA0005
  • 2015-07-13 — The Malaysian Police Facebook and Twitter accounts were compromised and controlled by AnonGhost, changing profile images and messaging; this incident is attributed to Anonymous #OpIsrael Participants and demonstrates abuse of valid web accounts. · ref
  • 2015-04-07 — Reporting on OpIsrael notes that some Israeli Facebook accounts and smaller online properties were taken over and used to spread pro-Palestinian or Anonymous-branded messages, indicating use of compromised valid credentials. · ref
T1585.001 Social Media Accounts TA0042
  • 2015-04-07 — The #OpIsrael2015 campaign used dedicated Anonymous-branded social media accounts (e.g., @Op_Israel) to announce operations, publish results and coordinate messaging, reflecting pre-established hacktivist social-media personas. · ref
  • 2015-03-31 — News outlets covering the 'electronic holocaust' threat reference a video message and Anonymous-branded online channels created to threaten and mobilize against Israeli targets ahead of the April 7 OpIsrael wave. · ref
T1587.001 Malware TA0042
  • 2015-04-07 — Anonymous/OpIsrael actors have historically distributed DDoS tools and scripts to volunteers to participate in attacks, as documented in coverage of OpIsrael waves that reference packaged tools aimed at non-expert supporters. · ref
Strategic Intelligence
Limited preview
Last updated: 2026-01-20T19:34:28+00:00

Anonymous Israel / Anonymous #OpIsrael Participants

Classification: TLP:WHITE

Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Saved Limited preview

Executive Analyst Brief for CISO — Anonymous Israel / #OpIsrael Cluster


Upgrade to access the full executive brief.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Saved Limited preview

Hunt 1 — OpIsrael campaign-window surge (date + hashtag driven)

Goal: Detect campaign waves (DDoS/defacement attempts) that align with #OpIsrael or Gaza flashpoints.

Upgrade to access the full hunting playbook.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Saved Limited preview
Last updated: 2026-01-20T20:38:34+00:00

IOC Appendix (TLP:WHITE) — Anonymous Israel / #OpIsrael


More IOC context for Research. Full appendix for Analyst and Premium plans.
IOC Appendix now
Saved successfully.
OSINT Library
Saved Limited preview
Last saved: 2026-01-24T01:35:52+00:00

(ongoing) — CSIDB — “Anonymous #OpIsrael Participants (a.k.a. Anonymous Israel, AnonGhost, #OpIsrael)”

Full OSINT references available for Research / Analyst.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/3
Address Verification SOCMINT
t.me/Isr********** Restricted Not integrated
t.me/Ano**************** Restricted Not integrated
t.me/Ano**************** Restricted Not integrated
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
Showing 1–2 of 2 images
Logo used in social media accounts Free Preview
Logo used in social media accounts
Propaganda Free Preview
Propaganda