New Kurdish Hacktivist Group Hezi Rash Conducts 350 DDoS Attacks in Just 2 Months

A new hacktivist group named Hezi Rash, translating to “Black Force” in Kurdish, has gained prominence in the cyber landscape, as detailed in a recent report from Check Point’s External Risk Management team.

Formed in 2023, this nationalist organization has adopted cyber warfare strategies, primarily deploying Distributed Denial-of-Service (DDoS) attacks against nations it perceives as threats to Kurdish and Muslim communities.

Targets and Tactics

According to Cyber Threat Intelligence Analyst Daniel Sadeh, leading Check Point’s research, Hezi Rash positions itself as a digital protector of Kurdish society, connecting its cyber operations to broader political and religious narratives. The group aims to function as a “Kurdish national team” dedicated to supporting and safeguarding Kurdish interests. Hezi Rash maintains an active presence on platforms such as Telegram, TikTok, YouTube, and X (formerly Twitter).

The group’s principal attack method, the DDoS, overwhelms targeted websites with excessive traffic, rendering them inaccessible. Hezi Rash has taken credit for various global attacks, significantly impacting several countries. The attack distribution is notable, with Japan experiencing 23.5% of the assaults, followed by Türkiye at 15.7%, Israel at 14.6%, and Germany at 14.2%. Other affected nations include Iran, Iraq, Azerbaijan, Syria, and Armenia.

Of particular interest are their actions against Japanese anime sites linked to a controversial representation of the Kurdish flag, as well as their involvement in the #OpIsrael campaign against Israeli platforms. Such movements underline the importance of national symbols and Islamic narratives in motivating their activities.

Researchers at Check Point recorded approximately 350 DDoS incidents associated with Hezi Rash from early August to early October, marking a notable surge compared to other similar-sized hacktivist groups within the same timeframe.

Key Alliances

Investigations reveal that Hezi Rash operates within a network of alliances, enhancing its operational capabilities. The group is connected to notable hacktivist collectives, including Keymous+, Killnet, and NoName057(16). This interconnectedness likely affords Hezi Rash access to DDoS-as-a-Service (DaaS) platforms, enabling even those with limited technical skills to launch sophisticated attacks.

Additionally, the group utilizes tools such as Abyssal DDoS v3, developed by an anti-Israel hacktivist faction. The collaboration within this network emphasizes a transition in hacktivism toward leveraging DaaS tools, simplifying the execution of politically motivated attacks and presenting a continuous threat landscape.

To counteract such threats, organizations are advised to bolster their defenses with robust DDoS mitigation services, implement Web Application Firewalls (WAF), and conduct vigilant monitoring of traffic spikes originating from residential IP addresses. This proactive approach can help in identifying and mitigating potential attacks before significant damage occurs.
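One way to implement the monitoring described above, as an added example that is not taken from the Check Point report: it buckets web access-log entries per minute and flags minutes in which requests from residential addresses jump well above the recent baseline. The log format (combined/common log format), the thresholds, and the residential ranges (RFC 5737 documentation networks standing in for an IP-intelligence feed) are assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Assumption: residential ranges would come from an IP-intelligence feed.
# These RFC 5737 documentation networks are constructed stand-ins for it.
RESIDENTIAL_NETS = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.0/24")]
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')  # client IP and timestamp

def is_residential(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in RESIDENTIAL_NETS)

def residential_spikes(lines, factor=3.0, min_ips=20):
    """Return (minute, requests, distinct_ips) for each minute whose residential
    request count exceeds factor x the median of earlier normal minutes."""
    buckets = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_residential(m.group(1)):
            continue  # skip malformed lines and non-residential clients
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        buckets[ts.replace(second=0)].append(m.group(1))
    alerts, baseline = [], []
    for minute in sorted(buckets):
        ips = buckets[minute]
        if baseline and len(ips) > factor * median(baseline) and len(set(ips)) >= min_ips:
            alerts.append((minute.strftime("%H:%M"), len(ips), len(set(ips))))
        else:
            baseline.append(len(ips))  # flagged minutes never raise the baseline
    return alerts

def sample_log():
    """Constructed sample: five quiet minutes, then a burst from 150 residential IPs."""
    line = '{} - - [10/Oct/2025:12:{:02d}:{:02d} +0000] "GET / HTTP/1.1" 200 512'
    log = ["malformed line"]
    for minute in range(5):
        log += [line.format(f"198.51.100.{i + 1}", minute, i) for i in range(10)]
        log += [line.format("192.0.2.10", minute, i) for i in range(40)]
    log += [line.format(f"203.0.113.{i % 150 + 1}", 5, i % 60) for i in range(300)]
    return log

if __name__ == "__main__":
    print(residential_spikes(sample_log()))
```

Minutes with no residential traffic at all produce no bucket, so the baseline here reflects only minutes in which such clients were seen.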
