Unit 8200
Unit 8200 is an elite cyber and signals intelligence group within the Israel Defense Forces. The provided content describes it as conducting large-scale surveillance of Palestinians in Gaza and the West Bank, including a cloud-based system that reportedly became operational in 2022 and enabled storage and replay of millions of mobile phone calls per day. According to the cited reporting, Unit 8200 used Microsoft Azure for this system after seeking additional storage and compute capacity, and sources alleged the resulting intelligence was used to support military operations, including researching or identifying targets for airstrikes, as well as detention, blackmail, and post hoc justification of killings.
The content also states that under commander Yossi Sariel, Unit 8200 pursued a broader mass-surveillance strategy described by a source as 'tracking everyone, all the time,' and developed an AI-assisted text-message analysis system called 'noisy message' that scans Palestinian text messages and assigns risk ratings based on suspicious terms.
The content further notes speculation in multiple media reports and by experts that Israel, through Unit 8200, was behind Stuxnet as part of the broader U.S.-Israeli operation commonly associated with Operation Olympic Games, though this is presented as speculation rather than confirmed attribution in the provided material.
Known alias in the content: unit_8200.
Targeting
Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.
Who they target
Sectors the actor has been observed targeting.
- Government & Administration
- Media & Entertainment
Where they target
Geographies tied to known operations.
- 🇵🇸 Palestinian Territories
Where they're from
Attributed origin per open-source reporting.
- Israel (IL)
Tradecraft
9 distinct techniques observed across reporting, grouped by tactic.
Recent activity
3 sources tracked across advisories, community write-ups, and news.
Unit 8200 is known as the elite cyber group of the Israel Defense Forces, specializing in cyber operations, intelligence gathering, and offensive cyber capabilities.
Israeli military intelligence unit conducting large-scale signals intelligence and mass surveillance of Palestinians, storing intercepted calls in Microsoft Azure and using the resulting intelligence to support military operations, including target research for airstrikes.
Unit 8200, the Israeli military intelligence unit, is believed to have collaborated with the NSA's Equation Group in the development and deployment of Stuxnet as part of Operation Olympic Games. Their role included intelligence gathering, targeting, and possibly testing the malware on similar centrifuge equipment. Unit 8200 is recognized for its advanced cyber capabilities and involvement in offensive cyber operations.