In 2012, Israeli cybersecurity experts discovered a group calling itself Lebanese Cedar engaged in hacking, distributing malware, and other digital mischief that appeared to be connected to the Iran-backed terrorist group Hizballah. After ceasing its activities for a period, the group seems to have resurfaced last year. Annie Fixler writes:

In the non-cyber domain, Hizballah has relied on the Islamic Republic to develop its military capabilities. For example, Iran has transferred components for manufacturing precision-guided missiles and has helped Hizballah set up conversion and assembly facilities in Lebanon, with the goal of establishing domestic production capability. Iran has also provided Hizballah with drone technology.

A similar dynamic is happening with technology and cyber capabilities. Iran built Hizballah’s secure telecommunications network and supplies the funding and technical know-how for Hezbollah’s robust cyber warfare training program. The former Israeli national security advisor Yaakov Amidror went so far as to call Hizballah Iran’s cyber “subcontractor.”

The increased likelihood of the use of cyber tools [to attack the U.S. and Israel] is enhanced by another dynamic—the increased effectiveness of the cyber tools available to terrorist groups like Hizballah and other non-state actors. In this latest global espionage campaign, Lebanese Cedar used not only custom, self-developed tools, but also a far greater number of tools readily available to malicious actors on the Internet. The accessibility of sophisticated open-source and dark-web tools is increasing the capability of non-state cyber actors exponentially.

Because of the difficulties of counterattacking Hizballah in the digital realm, Fixler urges the U.S. (and by extension Israel) to focus on cybersecurity, to make cyberterrorism more difficult.

On Tuesday, a Hizballah drone attack injured three people in northern Israel. The next day, another attack, targeting an IDF base, injured eighteen people, six of them seriously, in Arab al-Amshe, also in the north. This second attack involved the simultaneous use of drones carrying explosives and guided antitank missiles. In both cases, the defensive systems that performed so successfully last weekend failed to stop the drones and missiles. Ron Ben-Yishai has a straightforward explanation as to why: the Lebanon-backed terrorist group is getting better at evading Israel defenses. He explains the three basis systems used to pilot these unmanned aircraft, and their practical effects:

These systems allow drones to act similarly to fighter jets, using “dead zones”—areas not visible to radar or other optical detection—to approach targets. They fly low initially, then ascend just before crashing and detonating on the target. The terrain of southern Lebanon is particularly conducive to such attacks.

But this requires skills that the terror group has honed over months of fighting against Israel. The latest attacks involved a large drone capable of carrying over 50 kg (110 lbs.) of explosives. The terrorists have likely analyzed Israel’s alert and interception systems, recognizing that shooting down their drones requires early detection to allow sufficient time for launching interceptors.

The IDF tries to detect any incoming drones on its radar, as it had done prior to the war. Despite Hizballah’s learning curve, the IDF’s technological edge offers an advantage. However, the military must recognize that any measure it takes is quickly observed and analyzed, and even the most effective defenses can be incomplete. The terrain near the Lebanon-Israel border continues to pose a challenge, necessitating technological solutions and significant financial investment.