Cyber Threat Actor: Hezbollah

The threat actor known by the aliases Party of God, Hizb Allah, Islamic Jihad, Organization of the Oppressed on Earth, Hezb, and Hezbollah operates from Lebanon and is associated with the group’s cyber unit Kadimon. These names have been used in public statements and claimed responsibility for cyber activities attributed to the organization. The actor’s location is explicitly noted as Lebanon, and its cyber unit Kadimon has been identified in claims of intrusions.

Targeting described in the reported incidents focuses on Israeli security camera systems, including those at sensitive government facilities such as a Defense Ministry compound, as well as public spaces like streets, cafes, and offices. The actor asserted that it had breached thousands of websites in the prior year and used the accessed footage to produce a promotional video titled “Shattering the Illusion,” which was disseminated to demonstrate capability and threaten further escalation. While the actor’s statements indicate an intent to showcase surveillance access and issue warnings, the sources do not specify financial gain, espionage, or disruption as explicit objectives beyond the demonstrated capability and propaganda purpose.

The tactics, techniques, and procedures referenced in the sources involve unauthorized access to security cameras and the compromise of websites, followed by the release of video material that displays the obtained footage. No specific malware families, initial access vectors, or tooling styles are detailed in the provided information. The notable campaign cited is the February 14 2016 operation in which Hezbollah’s cyber unit Kadimon claimed responsibility for the camera intrusions and website breaches, presenting the resulting video as evidence of its cyber reach. This incident remains the primary publicly reported operation attributed to the actor based on the available evidence.