Dark Web News

The Iran-Israel Conflict: Dark Web Trends Following Iran’s Attack

The Iran-Israel Conflict: Dark Web Trends Following Iran’s Attack

About a month ago, Iran launched an unprecedented strike on Israel, deploying hundreds of drones and missiles in retaliation for the assassination of a senior Iranian official—a strike attributed to Israel. As is typical with significant geopolitical events, deep and dark web networks surged with discussions immediately afterward. These networks have become integral in modern warfare today.

Even before delving into these digital spaces, a notable surge was evident in daily average posts, comments, and messages featuring keywords associated with Israel and Iran, mainly within the context of Iran’s attack on Israel.

A sharp spike in the number of discussions about Israel and Iran on the dark web regarding the Iranian attack on Israel. This screenshot was taken from Lunar, Webz.io Dark Web Monitoring Tool
A sharp spike in the number of discussions about Israel and Iran on the dark web regarding the Iranian attack on Israel. This screenshot was taken from Lunar, Webz.io Dark Web Monitoring Tool

In this article, we take a broader perspective, summarizing the distribution of discourse on Iran’s attack on Israel across deep and dark web networks. Notably, platforms fostering extensive user interaction, including alternative social networks, imageboards, and the widely used chat network Telegram, emerge as prominent hubs for discussion.

The distribution of discussions on Iran's attack against Israel on the deep and dark web

Our cyber team utilized Lunar to analyze these discussions, categorizing them based on the trends they identified.

Deep and dark web trends stemming from the Iranian attack

#1: Escalation of extreme and adverse discourse online

Not surprisingly, geopolitical conflicts inherently produce a lot of hate speech. We saw an increase in the amount of extreme discourse against Israel and against Jews in general right after the attack.

One discussion that caught our attention came from the 4chan imageboard website, where numerous threads featured Iranians saying that Iran will not hesitate to employ nuclear weapons to eliminate Israel. Here is a screenshot that shows one of those threads:

Example of escalation of extreme and adverse discourse online on 4chan
Another example of escalation of extreme and adverse discourse online on 4chan

Furthermore, we observed extensive discussions, including on dark web forums, where users discussed the Iranian attack, analyzing potential outcomes and even expressing concern about the onset of a third world war because of it. This screenshot shows examples of posts that highlight this concern:

Example of escalation of extreme and adverse discourse online on deep and dark web forums

It’s worth noting that the Iranian regime may be involved in fostering such discussions. An example of this occurred in a Telegram group named after a term   — “True Promise” in English — used in Iran for this Iranian attack, where Iran purportedly warned Israel against responding to their attack.

Screenshot showing a Telegram channel named after a term (“True Promise” In English) used in Iran for the Iranian attack
Screenshot showing a Telegram channel named after a term (“True Promise” In English) used in Iran for the Iranian attack

#2: Distribution of misinformation and fake news

Many videos were shared among Telegram groups shortly after the attack, some of them fake. These videos aim to make fun of Israel, showing panic that prevails in the public. You could confirm that the videos were not taken that day, but during demonstrations where people were running and shouting – which can simulate panic among the public. Other videos show people panicking over a fire that happened or ambulances going around them —  neither are in the context of the Iranian attack. 

Screenshot of pro-Islamic Telegram channel where misinformation regarding the Iranian attack on Israel was distributed
Screenshot of pro-Islamic Telegram channel where misinformation regarding the Iranian attack on Israel was distributed

There were reports circulating on the net about many massive hits in Israel, along with videos that showed flashes of light explosions in the sky – which in reality turned out to be relatively minimal physical hits.

#3: Increase in cyber warfare by Islamic hacktivist groups

Our analysis reveals a sharp and consistent rise in Islamist hacktivist activity since the Iranian attack, mirroring the previously reported surge in group activity and scope during the Hamas-Israel conflict. Israel continues to be a key target for these groups, the country enduring a relentless stream of cyberattacks.

These assaults include:

  • Disruptions aimed at halting activity on Israeli websites and systems, like DDoS attacks.
  • Endeavors to pilfer sensitive data concerning public and private entities, Israeli citizens, and IDF personnel.
Screenshot of Lunar showing an increase in the activity of pro-Islamic cyber groups on Telegram since the Iranian attack on Israel
Screenshot of Lunar showing an increase in the activity of pro-Islamic cyber groups on Telegram since the Iranian attack on Israel

SYLHET GANG-SG, a hacker group that holds anti-Israel sentiments and operates independently from Iran, claimed responsibility for disrupting the water supply system of Haifa, a major city in Israel. The attack in Haifa coincided with the onset of the Iranian attack. The group explicitly stated their support for Iran in executing the nefarious operation. However, it’s crucial to highlight that this attack has not been officially acknowledged or confirmed by Israeli authorities.

Screenshot of post where the Islamic hacktivist group, SYLHET GANG-SG, claims responsibility for a disruption to a water supply system in Israel
Screenshot of post where the Islamic hacktivist group, SYLHET GANG-SG, claims responsibility for a disruption to a water supply system in Israel

It’s worth noting that many hacker groups on the dark web claiming responsibility for cyberattacks against Israel may not necessarily have ties to Iran but show their support to it.

#4: Iranian internal resistance against the attack

Zooming in on the Iranian narrative, we encountered oppositional perspectives across the deep web. Among Iranian residents, there were those who expressed dissatisfaction with the regime’s decision to execute a substantial attack against Israel using a combination of missiles and drones. They argued that such a strike inflicted further damage on Iran’s already fragile economy.

For instance, a Telegram group contended that the attack ultimately burdened citizens, leading to a depreciation of the Iranian currency. They also deemed the attack futile, asserting that it failed to yield any significant outcomes.

Screenshot of Iranian group protesting Iran's costly and futile attack on Israel
Screenshot of Iranian group protesting Iran’s costly and futile attack on Israel

Another intriguing example of resistance comes from a Telegram channel linked to an Iranian hacker group known as “LabDookhtegan” (translated as “Read My Lips” in English). This group, in opposition to the Iranian regime, aims to gather additional information about the unit behind the Israel attack. They may intend to employ this information for doxxing or potential cyberattacks, motivated by their belief that the Iranian assault on Israel was a misallocation of funds.

Screenshot of post showing Iranian hackers seeking intel on those behind Iran's attack on Israel
Screenshot of post showing Iranian hackers seeking intel on those behind Iran’s attack on Israel

Geopolitical events stir up more activity on the dark web

As you can see, geopolitical events like Iran’s recent strike on Israel led to increased nefarious activity on the dark web. Immediately after the event, threat actors spread misinformation and fake news, and online discourse became more extreme. Islamic hacktivist groups increased their cyber warfare activities while some Iranian citizens voiced opposition to the regime’s decision to launch the strike. Governments and law enforcement agencies need to track threats amid growing global tensions and regional conflicts — and Lunar helps them do that. With Lunar, organizations can monitor dark and deep web activity, taking steps to mitigate the damage from the actions of criminal organizations and individual threat actors.

Spread the News

Not subscribed to our Dark Web Pulse updates?

By submitting you agree to Webz.io's Privacy Policy and further marketing communications.

Feed Your Machines the Data They Need

Feed Your Machines the Data They Need

GET STARTED

Expose Hidden Risks to Your Domain

Uncover dark web threats with Lunar, the next gen dark web intel platform

Subscribe to our newsletter for more news and updates!

Ready to Explore Web Data at Scale?

Speak with a data expert to learn more about Webz.io’s solutions
Create your API account and get instant access to millions of web sources