A new hacktivist collective, Hezi Rash, has rapidly become active, reportedly executing approximately 350 Distributed Denial-of-Service (DDoS) attacks within a two-month period. Identifying as a “Kurdish national team,” the group focuses its cyber operations on nations perceived as threats to Kurdish or Muslim communities according to research from Check Point’s External Risk Management.
Established in 2023, Hezi Rash (Kurdish for “Black Force”) uses DDoS attacks to flood target websites with junk traffic, causing service disruptions. This volume of activity, documented between early August and early October, indicates a notable level of operational tempo for a group of its size, as reported by Hackread.com.
The group’s motivations are deeply intertwined with political and religious issues, framing its actions as a digital defense of Kurdish society. This was exemplified by retaliatory attacks on Japanese anime sites following a depiction of a burning Kurdish flag, and targeting Israeli platforms during the #OpIsrael campaign, according to Check Point’s findings. Hezi Rash maintains an online presence across platforms including Telegram, TikTok, YouTube, and X (formerly Twitter).
Geographical Targeting and Operational Scope
Geographically, Hezi Rash attacks have spanned multiple regions. Top targets include:
- Japan (23.5%)
- Türkiye (15.7%)
- Israel (14.6%)
- Germany (14.2%)
- Iran (10.7%)
- Iraq (7.5%)
- Azerbaijan (5.7%)
- Syria (4.3%)
- Armenia (3.9%)
This broad targeting reflects their stated focus on perceived threats to Kurdish or Muslim interests globally.
Methodologies and Alliances
While Hezi Rash does not publicly disclose its specific methodologies, investigations suggest significant reliance on alliances with other hacktivist groups. These include collectives such as Keymous+, Killnet, and NoName057(16). Such collaborations likely facilitate access to DDoS-as-a-Service (DaaS) platforms like EliteStress, which enable individuals with limited technical expertise to launch attacks. The group is also reported to utilize tools such as Abyssal DDoS v3, developed by anti-Israel hacktivist groups. For context on other cyber threats, you can read about how APT28 Targets Financial Sector with New Carbanak Spear-Phishing Campaign.
Defensive Recommendations
The emergence of Hezi Rash underscores a trend in hacktivism toward leveraging readily available DaaS tools and collaborative networks for political disruption. Organizations are advised to implement robust defenses:
- Specialized DDoS mitigation services
- Web Application Firewalls (WAF) with challenge pages
- Continuous monitoring for unusual traffic spikes, particularly from residential IP addresses
These measures are crucial, as highlighted by security experts. The continued evolution of hacktivist groups like Hezi Rash, and broader cybersecurity concerns such as those discussed in CISA Confirms Linux Kernel Flaw Exploited in Ransomware Attacks, necessitates proactive defense strategies to protect digital assets and infrastructure from increasingly sophisticated threats.