Hacker Brigades:

Why has Hezbollah established cyber warfare units?
Hacker Brigades:
June 12, 2021

The cyber capabilities of the Lebanese militia Hezbollah are growing, as evidenced in a report late last January from cybersecurity firm ClearSky. The report disclosed that a group of Hezbollah-affiliated hackers, under the name Lebanese Cedar, carried out a global spying campaign. Intelligence reports also revealed that the Iranian Revolutionary Guard Corps (IRGC) has established a new cybersecurity unit within Hezbollah’s counterintelligence apparatus. Hezbollah’s current effort can be understood as enhancing its cyber capabilities in order to increase the militia’s ability to easily spy on various Lebanese state institutions. Hezbollah is expected to attempt to use its growing power in the cyber realm in order to carry out cyber attacks on various countries in the region. In this context, Tehran’s creation and oversight of a new intelligence unit within Hezbollah comes as part of Iran’s effort to tighten its grip on Lebanon.

The main indicators of the significant increase in Hezbollah’s cyber capabilities, and the militia’s motives for enhancing its potential in this regard, are as follows:

1- Global espionage campaign: The Tel Aviv-based cybersecurity firm, ClearSky, noted in its report from late last January that a group of hackers backed by Hezbollah carried out a global espionage campaign, targeting mainly communications networks in several countries around the world.

ClearSky explained that a group of hackers calling itself Lebanese Cedar was able to hack into more than 250 servers in the United States, Britain, Egypt, Jordan, Lebanon, Israel, and the West Bank. The firm added that Lebanese Cedar’s espionage campaign started at the beginning of 2020, prior to its recent discovery.

The group’s cyber attacks targeted the collection of intelligence data and the theft of databases containing sensitive information. News reports indicated that most of the members of Lebanese Cedar were selected from the joint Iranian-Lebanese unit that was established as a sort of electronic army after the assassination of former Lebanese prime minister, Rafic Hariri, in 2005.

2- Creation of an internal espionage unit: Reports such as that issued by Intelligence Online on 24 March, indicated that the IRGC-affiliated Quds Force had established a new cybersecurity unit within Hezbollah’s counterintelligence apparatus. According to those reports, Jawad Hassan Nasrallah, the son of militia leader Hassan Nasrallah, works in this unit. The new unit aims to train Hezbollah spies to carry out electronic attacks.

These reports noted that the new unit is headquartered in an empty building in Beirut’s southern neighborhood of Dahieh. Tehran has equipped this headquarters with the latest technology, similar to that at Sharif University in Tehran, which teaches computer science to nearly 90,000 students. The university’s computer scientists constitute a valuable talent pool for Iran’s intelligence apparatus.

The reports suggested that the IRGC supervises infiltrators from Lebanon, Iraq, and Syria, who are trained in Beirut in social profiling, direct cyber attacks, and influence campaigns.

3- Spying on Lebanese state institutions: Hezbollah’s current effort can be understood as strengthening its cyber capabilities in order to increase the militia’s ability to easily spy on various Lebanese state institutions. This would increase its strength in the country’s domestic balance of power vis-à-vis the other forces.

4- Iran’s increased grip on Lebanon: Tehran’s creation and oversight of a new intelligence unit within Hezbollah comes within the framework of Iran’s effort to tighten its grip on Lebanon. This is consistent with pledges from the chief commander of the IRGC, Hossein Salami, to expand the electronic capabilities of Iran’s intelligence apparatus following the killing of Qasem Soleimani.

In sum, the rise of Hezbollah’s cyber capabilities represents a qualitative development in the capabilities and tools that this militia possesses, which will enhance its role as a regional saboteur. Furthermore, Iranian supervision of these increasing capabilities will lead to the consolidation of Hezbollah as a key tool in Tehran’s project for the region.


https://www.interregional.com/en/hacker-brigades/