After losing many of its commanders and weapons to Israeli strikes last year, Hezbollah, the Iran-backed Lebanese militia, has transferred its war against Israel from the ground to cyberspace. Its cyber army, called Cedar, is based in Dahieh, a mostly Shia district of southern Beirut.
Cedar significantly increased its activities after Israel’s pager attack that killed, maimed and injured numerous Hezbollah operatives in September 2024.
For the latest news & views from every corner of the world, Worldcrunch Today is the only truly international newsletter. Sign up here.
A Lebanese cybersecurity expert, speaking anonymously to Kayhan-London, said that Cedar’s “activities and budget, paid for by Iran, have increased significantly” since the pager operation and killing of Hezbollah leaders Hassan Nasrallah and Hashem Safieddine. The budget had increased by “600%, with more than 300 hackers working at the Dahieh center,” he said.
He said “there were at least 250 cyber attacks on Israeli websites between the time of the pager attacks and March 1. In recent days, Cedar’s toughest cyber unit, called Rizwan, had successfully hacked Israel’s national security ministry and its 11 departments including the police, arms and ammunition office, prison authority and fire department, also publishing information relating to a number of armed settlers.”
“Complex and effective”
“Israel is not the only country to have suffered cyber attacks by Hezbollah. It has also attacked communication networks and websites in the United States, UK, Saudi Arabia, Egypt, Jordan, the United Arab Emirates and even institutions linked to the West Bank Palestinian Authority,” the specialist said.
His statements have been corroborated by Check Point Software Technologies, a key U.S.-Israeli IT security firm, which qualifies Hezbollah as the Middle East’s most “complex and effective cyber terrorist organization.”
Cedar has been active since 2012 and became a serious threat to regional and Western systems in 2021. In November 2023, Cedar operatives targeted the medical registry of the Ziv hospital in Safed, Israel, to gather patient information. Israeli officials cite the incident as part of Iran’s wider strategy of targeting Israeli non-military infrastructures.
A ceasefire breach?
In December 2023, Israel’s National Cyber Directorate warned about an increase in phishing activities by Iranian and Lebanese hackers, which sent malware emails to Israeli IT officials, posing online as employees of American cybersecurity firm F5.
Following the end of the 60-day ceasefire between Israel and Hezbollah, representatives met in Naqoura, Lebanon, to discuss issues pertaining to the ceasefire that began on Nov. 27. The deal foresees the end of all hostilities, on both sides, and eventual withdrawal of Israeli forces from southern Lebanon. Yet it is not clear if the deal concerns cyber warfare.
If cyberwarfare constitutes a breach of the ceasefire, Israel could justify renewing strikes on buildings as purported centers of cyberattacks. This would complement the fact that Hezbollah has yet to disarm as the ceasefire and the subsequent UN Resolution 1701 have urged. The Naqoura meeting has for now led to the creation of three working groups to pursue implementation of the ceasefire and hammer out border security issues.
