Hamas Turns To Instagram To Lure IDF Soldiers

The Israeli military uncovered a new effort by the Hamas terror group to trick soldiers into downloading spyware applications onto their phones by befriending them on Instagram with accounts purporting to belong to attractive women, the army said recently.

The Israel Defense Forces’, IDFs, information security branch revealed a similar attempt in July 2018 by the Gaza-based Hamas that used the Facebook social media site to lure soldiers into installing software onto their phones that would allow the terror group to remotely control it, turning on the device’s cameras and audio recorders.

“We can say definitively that Hamas failed in its mission and did not succeed in getting classified information leaked,” said the officer in charge of policy for Military Intelligence’s information security branch, in an interview with the IDF’s website.

Recently, a civilian cybersecurity firm also found an attempt by Hamas to hack Israeli civilian phones using an app called IsraelAlert, a fake version of the “Code Red” app, which is used to warn people of impending rocket attacks.

According to ClearSky Cyber Security, IsraelAlert would have also given Hamas control over the user’s phone, allowing the terror group to take pictures, make calls or transmit location data.

However, the firm said that it appeared the malicious app had been discovered at an early stage and had not infected many phones.
Operation Broken Heart

The military credited a new campaign, dubbed “Operation Broken Heart,” with foiling Hamas’s new Instagram-based plot. The program consists of a series of informational posters displayed on army bases throughout the country, as well as active efforts to root out attempts by Hamas and other groups to gain access to sensitive military information.

“Hamas tried, unsuccessfully, by preserving the connections [with soldiers] it had made in the past or starting new ones with fake identities we hadn’t uncovered yet. 

“Thanks to the heightened awareness that we developed, these efforts were also exposed by soldiers, and that way we thwarted additional false identities,” said the officer, Lt. Col. “Aleph,” who could only be identified by his rank and the first Hebrew letter of his name for security reasons.

After discovering the fact that the terror group was attempting to use fake online identities to contact soldiers, the military then worked to find and expose those profiles.

According to Aleph, part of the challenge in his unit’s fight against attempts by Hamas to trick soldiers into befriending them is the strong desire by Instagram users to gain more followers, which can lead them to abandon common sense.

“This is a network that has a sharing culture that is getting more intense, all around pictures and sharing and ‘look at me,'” he said.

“The popularity and the need for followers increases the risk, and therefore we need to follow the rules, not allowing people we don’t know to follow us, being wary of links sent to your private mailbox,” he said.

In January 2017, the IDF revealed that it had discovered some of the first efforts by Hamas to “catfish” soldiers, to pretend to be attractive women in order to get soldiers to reveal classified information and download spyware software, in a project known as “Operation Hunters’ Battle.”

According to the military, the terror group had adopted new, more sophisticated tactics in the intervening year and a half.

For instance, the custom-built spyware software was uploaded to the Google Store, to make it seem legitimate, whereas in the past it was only available as a downloadable link, which would be more likely to raise suspicions.

Once one of the apps was on the recipient’s phone, the phone could be taken over to covertly take and send photographs, eavesdrop on conversations, copy stored files and pictures, and transmit location details, all of which would greatly contribute to an enemy’s knowledge of IDF operations.

In most cases, the IDF said, soldiers did not download the apps and they often informed their superiors of their suspicions.

Google has since deleted the apps that are known to have contained spyware from its store.

Though the military had long warned soldiers that their social media accounts could be exploited by terror groups and enemy states, last year’s discovery spurred the IDF’s information security branch to step up its efforts and to specifically alert troops to the dangers of downloading strange applications to their phones.

“I want to make it clear to soldiers that even if Hamas adds more applications and tries different platforms, the moment that they recognize there is a problem, they won’t be affected by it,” Aleph said.

“Soldiers need to ask themselves a number of questions: Why did they contact me? Why is someone who appears to have romantic or friendly feelings toward me asking me questions about the military or if I want to download an app? And most of all, why should I give permission to a stranger who asked me to install something?” he added.

In the Facebook-based plot uncovered last month, some 100 soldiers were duped into doing downloading spyware via a World Cup app and two online dating sites, the IDF said at the time, though then too the army insisted no damage had been done to Israeli security.

“No damage was done, as we stopped it in time,” an officer involved in Operation Broken Heart said.

Attackers used stolen identities to create convincing fake Facebook profiles of young Israelis, written in fluent Hebrew studded with current slang. They then initiated flirtatious exchanges with their targets from Israeli mobile numbers, the military said those operating the accounts were not necessarily based in Gaza, before encouraging them to download the apps.

“What Hamas is bringing to the table is a very good knowledge of our young people and their state of mind,” another IDF officer said.

Asked how he could be sure Hamas was behind the online offensive, he declined to say but insisted there was no doubt.

Times of Israel:

You Might Also Read:

Hamas Upgrades Cyber Espionage Capability

« Trump Relaxes US Cyber Attack Rules
Blockchain, Chatbots, AI Could Reinvent Corporate Finance »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Emerson Electric Co

Emerson Electric Co

Emerson provides industrial automation systems and associated cybersecurity solutions to protect critical process control systems from cyber attack.

Prescient

Prescient

Prescient’s Cyber solutions supplement your firm’s existing data security infrastructure with specialized investigations that identify unconventional cyber risks.

Crypto4A Technologies

Crypto4A Technologies

Crypto4A quantum-ready cybersecurity solutions significantly improve protection for Cloud, loT, Blockchain, V2X, government and military application deployments.

UNIDIR Cyber Policy Portal

UNIDIR Cyber Policy Portal

The UNIDIR Cyber Policy Portal is an online reference tool that maps the cybersecurity and cybersecurity-related policy landscape.

Industrial Cybersecurity Center (CCI)

Industrial Cybersecurity Center (CCI)

CCI is the first center of its kind that comes from industry without subsidies, independent and non-profit, to promote and contribute to the improvement of Industrial Cybersecurity.

Dutch Innovation Park

Dutch Innovation Park

Dutch Innovation Park in Zoetermeer is a breeding ground for applied IT solutions in the field of cyber security, e-health, smart mobility and big data.

Syber Technology

Syber Technology

Syber Technology is an IT project implementer empowering IT systems of Small to Medium Enterprises in the Middle East.

Salvador Technologies

Salvador Technologies

Salvador Technologies provides the world’s fastest technology to recover from cyber-attacks.

RankedRight

RankedRight

RankedRight empowers security teams to take immediate action on their most critical risks.

VISO Cyber Security

VISO Cyber Security

VISO provide Cyber Security Consulting and CISO as a Service to companies who need to augment their leadership teams with information security expertise.

Cyber Security Council UAE

Cyber Security Council UAE

The Cyber Security Council's vision is to protect UAE cyberspace, maintain confidence in our digital infrastructure and institutions, and build a cyber-resilient society.

IT Solutions Consulting

IT Solutions Consulting

IT Solutions is a full-service IT partner providing managed services and other information technology solutions nationwide.

Lighthouse IT

Lighthouse IT

At Lighthouse IT, we are focused on delivering seamless and reliable services to unlock the value of technology for your business.

Digital Encode

Digital Encode

Digital Encode is a leading consulting and integration firm that specializes in the design, management, and security of business-critical networks, telecommunications, and IT infrastructures.

Triovega

Triovega

Triovega are a leading provider for production security and efficiency. Our solutions enhance OT security, and reduce production downtime.

DuploCloud

DuploCloud

DuploCloud offers an end-to-end DevOps software platform for dev teams that don’t have dedicated DevOps engineers and augments those that do.