Cyber Threat Actor: Hezbollah Cyber Unit
| Actor Type | Location | Known Incidents |
Terrorist
|
Lebanon
|
0 incidents |
|---|
Profile
Hezbollah’s cyber element, publicly referenced as the Qadmon (also spelled Kadimon) hacking unit or Hezbollah Cyber Unit, operates from Lebanon and is described by the group’s own media as a Shiite organization’s offensive cyber capability. The unit has used the aliases Qadmon, Kadimon and Hezbollah Cyber Unit in statements and media releases. According to Hezbollah’s al‑Manar television station, the unit has claimed responsibility for intrusions into Israeli security cameras, including feeds covering the Defense Ministry’s Kirya compound in Tel Aviv, as well as cameras in streets, cafes and other government offices. The same source says the unit also breached social‑network pages belonging to Israeli entities. Israeli newspaper Maariv reported that the unit claimed to have compromised more than five thousand Israeli websites in 2015, many of which were described as sensitive security‑related sites. These claims indicate a focus on Israeli governmental, military and civilian online infrastructure, with the apparent purpose of gathering visual intelligence through camera access and disrupting or defacing web‑based services. The group’s rhetoric, including a promotional video titled “Shattering the Illusion” and statements from Hezbollah leader Hassan Nasrallah about chemical plants, frames the activity as part of a broader effort to demonstrate reach into Israeli territory.
The techniques described in the reporting involve direct intrusion into video‑surveillance systems and mass website compromise, though no specific malware families, exploit kits or tooling are named in the open sources. The unit’s public demonstrations show actors navigating camera interfaces and accessing live feeds, suggesting the use of legitimate credentials or exploited vulnerabilities in camera management platforms. The claim of hacking over five thousand websites points to a capability for large‑scale web‑application attacks, potentially involving SQL injection, remote file inclusion or inclusion or inclusion or defacement scripts, although the exact vectors are not detailed in the available material. Attribution to Hezbollah is explicitly made by the group’s own media and corroborated by Lebanese reporting, linking the activity to the organization’s broader militant structure rather than to an independent criminal syndicate. No public evidence ties the unit to a state sponsor beyond its affiliation with Hezbollah, and no financial motive is described in the sources; the emphasized goals are intelligence gathering and demonstrative disruption against Israeli targets.
