IT Brief Australia - Technology news for CIOs & IT decision-makers
Story image
Resurgence of OpsBedil: Is hacktivism now on TikTok?
Wed, 20th Apr 2022
FYI, this story is more than a year old

A new threat advisory from Radware details a resurgence of OpsBedil operations.

First appearing in 2021, the latest operation and attacks are being led by DragonForce Malaysia and its affiliates, using the tag #OpsBedilReloaded. The operation is considered a political response to escalating tensions in the Middle East.

According to Radware, DragonForce Malaysia's OpsBedil fills the void left by one of the world's most infamous and now defunct Anonymous operations, OpIsrael. Unlike OpIsrael, a scheduled yearly event, OpsBedil is mainly reactionary and follows physical or political confrontations in the Middle East. DragonForce Malaysia and its affiliates have the time, resources, and motivation to present a new moderate level of risk for small to medium-sized businesses and government entities of Israel.

“OpsBedil has replaced the now defunct Anonymous operations known as OpIsrael, showing that hacktivists don't die, they evolve,” says Daniel Smith, head of research for Radware's cyber threat intelligence division.

“OpsBedil represents a clear and potent threat to organisations that have unprotected assets and are in Israel or have associations with Israel. Companies need to be on guard, especially from April through July. Using crowdsourcing, the OpsBedil operation will prioritise quantity over quality to spread information and propaganda, deface websites, leak data, and conduct denial-of-service attacks," he says.

“Among other platforms, this new generation of hacktivists is now using TikTok as a communication forum. Threat actors can recruit a crowd of hacktivists, share operations details, and post videos, which can also give away visual clues as to the identities and global distribution of the participants," says Smith.

Need to know:

  • OpsBedil is replacing the now defunct Anonymous operations known as OpIsrael. The new operations are conducted by DragonForce Malaysia and its affiliates throughout Southeast Asia, specifically Malaysia and Indonesia. 
  • Unlike Anonymous, which has very little bandwidth left to target Israel, DragonForce Malaysia and its affiliates have the time, resources, and motivation to present a new moderate level of risk for the country of Israel. There is a new guard in charge with high motivation to lead organised crowd-sourced attacks to spread propaganda.
  • The driving force behind #OpsBedilReloaded is DragonForce Malaysia, a pro-Palestinian hacktivist group located in Malaysia. DragonForce Malaysia has also been observed working with several other hacktivist groups, including the T3 Dimension Team and RileksCrews. 
  • Since last year, there have been four official operations under its battle tag, mainly reactionary and following physical or political confrontations. Operations tend to have a stronger presence in the months of April, May and July. 
  • It is expected that DragonForce Malaysia will be most active between Al Quds day and Jerusalem day, with extended operations lasting through to July. 
  • DragonForce Malaysia, like most hacktivists, relies on unsophisticated and publicly available attack tools for scanning and denial-of-service attacks. Some of the group's favourite tools include Hammer and DDoS-Ripper, both leverage Facebook.com and w3.com web services as bots to perform indirect-path application-level attacks.

Online presence/branding/social media for recruitment
DragonForce Malaysia has a website and a forum where threat actors conduct most of their announcements and discussions. The forum today has grown to 13,000 members and 11,000 discussion threads covering everything from anonymity to technology. There appears to be a departure away from Facebook and Twitter to TikTok and Instagram to propagate support and recruit activists. The professionalism of the operation is reflected in the group's branding and advertising efforts.

Tactics using the crowd
Attacks include scanning and exploiting, data dumps, denial-of-service attacks, and website defacements. Attacks may also include unwanted emails containing malicious files or antisemitic SMS/WhatApp messages directed at Israeli citizens. Those who directly or indirectly support the country of Israel could become a target of DragonForce Malaysia during this period.

"Though the scripts are rudimentary and the tools being used (detailed in alert) are not especially sophisticated, they are being successfully used to commit flood attacks and cause harm," Smith says.

"This indicates that the group itself is operating to a more coordinated level than last year and predecessors Anonymous," he says.

"Overall, crowdsourcing hacktivists focus on impact and scale — quantity over quality of targets and hits. Though they claim not to operate annually, there is certainly cause for concern from some of the patterns being observed."