Executive Summary
This report, written by Dos-Op and the Alma Center, presents a comprehensive mapping of the cyberattack group BQT.Lock (BaqiyatLock) and its leader Karim Fayad, revealing a direct and systematic affiliation with Hezbollah and the Iranian cyber apparatus.
BQT.Lock operates as an offensive cyber arm with a distinctly ideological and religious motive, combining criminal cyber activity, (including ransomware attacks and the sale of ransomware tools), with the advancement of Hezbollah’s security, psychological, and economic goals.
The group operates a Ransomware-as-a-Service platform under the brand Baqiyat and claims to have encrypted hundreds of servers and stolen sensitive data around the world.
Its main attacks have targeted Israel (including Ben-Gurion Airport, Bezeq, Partner, and possibly Rafael and Elbit) as well as the United States, (including websites connected to the 2024 presidential elections), and additional entities in Saudi Arabia, India, the United Arab Emirates, and Lebanon.
The group’s leader, Karim Fayad, maintains a double life. On one hand, he is a student of Computer and Communications Engineering at the American University of Beirut (AUB) And according to his LinkedIn profile, he worked during certain periods while studying, in relevant civilian companies in the field. On the other hand, he is a Hezbollah operative within the Imam al-Mahdi Scouts, and an active cyber operative involved in Hezbollah’s cyber activity.
Hezbollah operatives frequently hold legitimate civilian jobs, using their skills and professional access to advance the organization’s goals. This operational pattern is well-established and widely recognized.
The name BaqiyatLock is a modern expression of the union between Shiite-Mahdi ideology and offensive cyber activity – religious terrorism under a technological framework.
BQT.Lock functions not as an independent activist collective but as a direct cyber arm of Hezbollah, operating in alignment with Iranian cyber groups and serving as a force multiplier in the operational, economic, and perceptual arenas.
General
Research into the cyberattack group BQT.Lock and its online activity reveals clear indications of its direct connection to Hezbollah. The group, also known as BaqiyatLock, specializes in conducting ransomware attacks across the globe.
This research was carried out by the cyber firm Dos-Op, specializing in digital investigations, data-leak detection, and automated threat hunting, in cooperation with the Alma Center for the Research of Security Challenges on the Northern Arena.
The BQT. Lock attack group (see Appendix 1) focuses on 3 main groups as the target of its attacks:
Against Israel – mainly DDoS attacks on various sites (including Ben Gurion Port, Bezeq, Partner), including, according to the group’s publications, security sites (Rafael, Elbit).
Against global targets – in the United States (including attacks carried out in August 2024 against websites linked to the presidential election campaign), Saudi Arabia, India, and the United Arab Emirates.
Against Hezbollah’s opponents inside Lebanon, led by major Christian parties and the anti-Hezbollah-affiliated MTV channel.
The group’s leader is a Hezbollah operative named Karim Fayad (see Appendix 2).
Karim Fayyad lives a “double life”. On the one hand, he is a Computer and Communications Engineering student, expected to graduate in 2026, and According to his LinkedIn He worked during his studies in relevant civilian companies in the field. In parallel, he is a Hezbollah operative who conducts cyber activity for the organization and plays a role in promoting Hezbollah’s ideological, operational, and economic objectives in the digital arena.
This “double-life” pattern is well-known among Hezbollah operatives in various units. They outwardly hold legitimate civilian professions, yet simultaneously leverage their education, expertise, and civilian access to advance both the civil and military objectives of Hezbollah.
This is a core principle of Hezbollah’s “Resistance Society” paradigm.
This operational pattern and ideological framework enable Hezbollah to expand its capabilities, blur the line between civilian activity and military-terrorist activity, and benefit from civilian cover that facilitates clandestine operations and enhances deniability. In the case of Karim Fayad and his cyber group, this constitutes a cyber force multiplier aligned with Iran’s broader doctrine of activating proxies in the digital sphere.
It is possible that Fayad took advantage of his civilian jobs to support Hezbollah’s operational needs, using technological knowledge, infrastructure, data repositories, and company systems.
Fayad is a student of Computer and Communications Engineering at the American University of Beirut (AUB), where he also worked as a researcher for several months. In 2017, the U.S. Department of Justice determined that AUB provided training and access to various Hezbollah bodies such as: Al-Manar (Hezbollah’s television channel) Al-Nour (Hezbollah’s radio station) Jihad al-Binaa (the organization responsible for infrastructure construction and reconstruction, including Hezbollah’s military infrastructure above and below ground).
Fayad’s social-media activity, and that of individuals associated with his attack group BQT.Lock, is characterized by the constant publication of Hezbollah propaganda and messaging. The consistency and systematic nature of these messages indicate a deep ideological affiliation, not merely incidental use of propaganda for criminal purposes. They point to the fusion of criminal activity with clear ideological commitment to Hezbollah. There is an alignment between the operational activity and the objectives of the cyber attacks of the BQT. Lock Group and Hezbollah’s ideology.
The name Baqiyat (باقية) (see Appendix 3) has profound religious and ideological significance for Hezbollah. In Shiite interpretation, the phrase “Baqiyyat Allah” refers to the divine presence remaining in the world or a figure considered to represent God on earth. By choosing the name BaqiyatLock, the hackers group merges a deep religious–ideological concept (Baqiyat) with a modern operational-technological component (Lock) representing locking, control, and encryption. The symbolic meaning: “The remnant of God who lock the enemies of God.” This is a modern expression of Shiite-Mahdist ideology fused with offensive cyber action — religious terrorism in technological packaging.
The group’s name, targets, activity, and ideological positioning constitute clear indicators of direct Hezbollah involvement.
The cyberattacks conducted by BQT.Lock, some in cooperation with Iranian cyberattack groups (see Appendix 1), also serve Hezbollah’s economic interests.
Ransomware operations can provide Hezbollah with additional income for its terrorist activities.
Hezbollah is not only a terrorist organization but also a criminal organization that seeks to expand revenue from illicit sources— a financial stream that has become even more important following its war with Israel, and the collapse of Bashar al-Assad’s regime in Syria, which damaged the Iranian logistical-economic supply corridor to Hezbollah in Lebanon.
Our assessment is that Hezbollah is actively operating to increase its income from international crime, and ransomware attacks are part of that effort.
Fayad’s social-media accounts reveal significant involvement in the Hezbollah Scouts network — Imam al-Mahdi Scouts (see Appendix 4). The Scoutsnetwork functions as both a declared Shiite educational–values framework, and as a mechanism for instilling militant religious ideology. It is also a structured recruitment platform for young Shiite teens who later enter Hezbollah’s various military units.
Based on his deep involvement in the Scouts network, it is highly likely that Fayad is integrated into Hezbollah’s identification and recruitment apparatus, especially in areas related to his expertise. This integration may include identifying youth with potential, initial screening of candidates and delivering them into recruitment process.
Given his knowledge, training, and skills, it is also assessed that Fayad may be an operative or supporter in one of Hezbollah’s R&D units, Electronic Warfare Unit or its Security Unit.
The Electronic Unit (see Appendix 5), under which Hezbollah’s cyber unit operates, is responsible for digital intelligence collection, defensive and offensive cyber capabilities, operations against opponents in Lebanon and attacks on strategic regional and international targets.
The Security Unit (Appendix 6) handles counterintelligence, protection of Hezbollah’s operational activity and systematic surveillance of political, civilian, military, and foreign entities
Appendices
Appendix 1: The BQT.Lock Attack Group
The BQT.Lock attack group, also known as BaqiyatLock, operates as an offensive cyber factor specializing in the deployment of ransomware attacks. The group has carried out operations against a wide variety of targets, including medical institutions, educational institutions, commercial companies, and individuals. The group reports having successfully encrypted more than 540 servers worldwide and stolen large volumes of sensitive information.
Alongside the ransomware attacks it conducts, the group also operates a criminal business model known as “Ransomware-as-a-Service” (RaaS), which enables additional actors to use the ransomware tools it has developed in exchange for payment. The distribution of cyberattack tools and the establishment of underground platforms provide infrastructure for broader criminal activity, acquired using the cryptocurrency Monero (XMR). These channels enable large-scale cyberattacks, provide access to stolen databases, and essentially make the world of cybercrime accessible to additional threat actors, including those with relatively limited technical capabilities.
The activity of the BQT.Lock group has left behind a significant amount of evidence on infected systems, revealing how the group operates. Analysis of logs that were either accidentally retained or stored due to poor security practices not only documented the sequence of actions performed on compromised systems but also enabled a deeper understanding of the attack chain.
In some cases, cybersecurity researchers were even able to attempt reconstructing or extracting encryption keys from traces left behind by the attack group. This behaviour highlights a critical weakness: although the attacker seeks to present itself as sophisticated and highly capable, its operational mistakes created openings that allowed security researchers to investigate, expose, and even reduce the damage caused by its ransomware activity.
The leader of the BQT.Lock group operates under the alias ZeroDayx1, and under the name “Liwaa Mohammad.” On the X platform, he presents a public and overt pattern of activity, boasting about cyberattacks he carried out against a wide range of targets. Analysis of the online activity of the group and its leader reveals a clear connection to Hezbollah.
Beyond the criminal dimension, these channels contain a substantial amount of ideological content, primarily material that promotes and glorifies Hezbollah’s leadership and the Iranian regime. The consistency and systematic nature of these messages indicate a deep ideological affiliation, rather than incidental use of propaganda for criminal purposes. They point to a fusion between criminal activity and explicit ideological commitment.
Monitoring of the Telegram account associated with ZeroDayx1 shows that the term “Baqiyat” is not merely the name of the ransomware he developed, but functions as an overarching brand for a broader platform he is building—a platform that combines offensive cyber capabilities, ideological propaganda, and cybercrime infrastructure.
This reinforces the understanding that the activities of ZeroDayx1 and the BQT.Lock group extend far beyond simple digital crime and are embedded within a larger ideological and operational framework characteristic of Hezbollah’s activity in the cyber domain.
A systematic analysis of ZeroDayx1’s online behaviour reveals the types of preferred targets and the ideological motives guiding him. The group’s targets fall into three main categories.
- Israel: In Israel, the group has carried out DDoS attacks against websites belonging to major companies and infrastructure entities, including Ben-Gurion Airport, Bezeq, Partner, and Rav-Kav, as well as attacks that it claims targeted sites connected to the defence industry, such as Rafael and Elbit, though the reliability of these claims should be questioned. These attacks generally resulted in temporary, short-term disruptions. In addition, the group exploited basic security vulnerabilities to break into small websites with minimal protection.
- Global objectives: Globally, the group has attacked private companies in the United States—including attacks in August 2024 on websites linked to the election system—as well as additional targets in Saudi Arabia, India, and the United Arab Emirates.
- Lebanese objectives: In Lebanon, the group also targeted Hezbollah’s primary political rivals in the domestic arena, especially the country’s two major Christian parties—the Kataeb Party and the Lebanese Forces—and in particular their leaders Sami Gemayel and Samir Geagea. The group also attacked MTV Lebanon, a channel identified as strongly anti-Hezbollah, pro-Western, and liberal.
The ZeroDayx1 profile boasts of joint attacks with additional cyberattack groups, all of which are associated with Iranian orientation.
- Cyber Fattah Team:[1] identified as a pro-Iranian group conducting cyberattacks against Israeli, Saudi, and Western targets, though there is no evidence the group is operated by Iranian government bodies.
- 313 Team: a pro-Iranian attack group associated with DDoS campaigns, breaches, and data leaks against American, Israeli, and Saudi targets, reportedly operating out of Iraq.[2]
- LulzSec: an Iranian attack group responsible for prominent attacks against major organizations such as Sony, PBS, and the CIA, and identified online as an anarchist group despite being operated by Iranian actors.
- Cyber Islamic Resistance: a pro-Iranian hacktivist collective conducting cyberattacks against Israel and the United States, functioning as part of a broader cyber “resistance axis” with ties to Iranian cyber forces.
Despite its clear ties to Hezbollah and terrorism, the BQT.Lock group maintains an online image of a hacktivist collective—hackers acting from ideological, political, or social motives.
Multiple indicators support the assessment that this is not an ordinary hacktivist cyberattack group, but rather a branch of Hezbollah within the digital domain. The group’s motives go far beyond narrow criminal or financial considerations and rest upon a religious–political ideology. Furthermore, the religious context and meaning of the group’s name suggest that the cyberattacks are a direct continuation of Hezbollah’s ideological and operational struggle. In other words, this is not a case in which Hezbollah outsourced attacks to a third party, this is direct Hezbollah activity.
Appendix 2: Karim Fayad
In analysing the “Liwaa Mohammad” profile on the X platform, also known by the alias ZeroDayX1, the user exposes a significant amount of information that, through careful comparison and cross-referencing, may assist in identifying the operator’s true identity.
Monitoring the Telegram profile of ZeroDayX1, who is the administrator of the BQT.Lock group, revealed that one of the channel’s former names was Karim Fayad, and several additional indicators emerged linking Fayad to the attack group.
The Telegram channel “kariimFayad” shares mutual followers with the ZeroDayX1 account, and the two accounts follow each other. The profile states that its owner, Karim Fayad, is a Red Team Operator—a cybersecurity specialist who performs controlled simulation attacks for organizations. It is also clearly visible from Fayad’s Telegram account that he expresses support for and identification with Hezbollah.
Moreover, the Instagram account “kariimFayad” contains several photos of Fayad’s upper body in which tattoos are visible, including a tattoo of a former Hezbollah leader on his right arm. Both the tattoo and the wristwatch seen in Fayad’s private Instagram photos are identical to those appearing in images posted on the ZeroDayX1 X account.
Karim Fayad was born in southern Lebanon and is a Hezbollah operative.
A wide range of indicators collected from social networks reveal his direct connection to Hezbollah. These indicators include consistent use of nicknames and linguistic markers associated with Hezbollah and with the Mahdist narrative; photographs from visits to the graves of Hezbollah operatives; a visible tattoo of a former Hezbollah leader on his arm; intensive activity in pro-Hezbollah Shiite propaganda channels; and a close association with the Imam al-Mahdi Scouts network (see Appendix 4).
In parallel, analysis of the ZeroDayX1 account operated by Fayad shows that it serves not only to disseminate “resistance” ideology but also to carry out cyberattacks directed against entities identified as Hezbollah opponents—further reinforcing the assessment that he is a Hezbollah operative acting to advance Hezbollah’s interests in the online domain.
Karim Fayad leads a double life. On one hand, he is a Computer and Communications Engineering student and According to his LinkedIn He worked in relevant civilian companies. On the other hand, he is a Hezbollah operative who conducts cyber activity on behalf of the organization and contributes to advancing its ideological and operational objectives in the digital domain.
Fayad is a Computer and Communications Engineering student at the American University of Beirut (AUB) and is expected to graduate in 2026. He also worked for several months as a researcher at the university. In this context, it is notable that in 2017, the U.S. Department of Justice[3] determined that AUB had provided training and civil-activity access to Hezbollah-affiliated bodies, including Al-Manar (Hezbollah’s television station), Al-Nour (Hezbollah’s radio station), and the Jihad al-Binaa organization (responsible for construction and reconstruction of infrastructure, including Hezbollah’s military infrastructure both above and below ground)—in violation of U.S. aid conditions.
The university had provided professional journalism workshops to Hezbollah media institutions and even included Jihad al-Binaa in its public NGO database, intended to connect students seeking volunteer opportunities with various organizations.
According to LinkedIn, he was employed as a– AI Engineering Intern is an entry-level position in the field of AI engineering. It is typically a temporary role in which the intern assists the AI team with daily tasks. The role likely includes developing, training, and improving machine-learning / deep-learning models; collecting and cleaning data; building datasets; writing and testing code (Python, ML libraries, etc.); integrating models into existing products or services; monitoring performance; and fixing bugs.
Given his position as an AI engineering intern and his simultaneous activity within Hezbollah, Fayad may exploit the technological knowledge, infrastructure, data repositories, and systems of the company he worked for to benefit Hezbollah. However, it is unknown to what extent he is exposed to sensitive information within his role.
Appendix 3: The Meaning of “Baqiyat” (باقية)
The Arabic term “Baqiyat” (باقية) means to remain, to continue existing after others have disappeared. In Shiite interpretation, the expression “Baqiyyat Allah” (بقية الله) refers to the divine presence that remains in the world, or to a figure considered to represent God on earth. In the Shiite world in general, and within Hezbollah in particular, the expression has acquired a clear ideological significance, symbolizing those who remain on the path of the Imam, the believers who did not yield, and the fighting core that stays loyal despite hardship.
The Iranian Revolutionary Guard Corps (IRGC) and Hezbollah frequently use this expression in propaganda and slogans, such as: “نحن الباقون حتى ظهور المهدي” — “We are the ones who remain until the appearance of the Mahdi.” The term has effectively become a symbol of revolutionary endurance and militant determination. It is used to describe those who remain loyal to the path of the Imam, continue to stand firm against their enemies, and constitute the hardened nucleus of the Resistance movement.
For Hezbollah, the term Baqiyat embodies the identity of the “eternal resistance”: the fighters, the martyrs, and the younger generation of the Imam al-Mahdi Scouts who are raised within the messianic-Mahdist worldview (see Appendix 4).
On the operational and strategic level, the use of the term “Baqiyat” allows Hezbollah to construct an ethos of constant resilience, justify the continuation of armed struggle, and establish ideological legitimacy for recruitment practices, indoctrination, and the cultivation of loyalty among the younger generation. Thus, the term functions not only as a theological–religious expression but also as a central tool in psychological influence and in conveying messages that encourage recruitment into Hezbollah.
The choice of the name BaqiyatLock by the hacker group is an action with clear theological and political significance. The name merges a deep religious-ideological foundation with a modern operational technological component— “Lock”, which represents locking, control, and encryption capabilities. The symbolic meaning is clear: “The remnant of God who lock the enemies of God.” This is a modern expression of the fusion between Shiite-Mahdist ideology and offensive cyber activity—religious terrorism wrapped in technological form.
Appendix 4: Imam al-Mahdi Scouts
From his social-media photos, it appears that Fayad is active in the Imam al-Mahdi Scouts, a large-scale Shiite educational and ideological framework that serves as one of Hezbollah’s primary channels of influence over the younger generation.
The Imam al-Mahdi Scouts function both as a declared Shiite educational–values framework and as a covert mechanism for instilling militant religious ideology. Another central aspect of this network is its role as a structured recruitment platform: commanders in Hezbollah’s military units monitor standout trainees, mark promising candidates, and place them into a direct recruitment track beginning at around age 16–17. This process ensures a continual flow of young, ideologically committed manpower aligned with the values of the “Resistance Society.”
Based on Fayad’s deep involvement in the Scouts network, it is highly likely that he is integrated into Hezbollah’s identification and recruitment mechanism in ways connected to his area of expertise. This integration may include roles such as identifying youths with potential, conducting initial screening of candidates, and transferring them into the organization’s selection processes.
Appendix 5: The Electronic Unit
Hezbollah’s Electronic Unit functions as the organization’s digital wing. Based in Beirut, it oversees information warfare, propaganda efforts, and the management of social-media campaigns, while also conducting surveillance and monitoring of adversaries. The unit includes several subordinate teams that specialize in analyzing data gathered from cyber intrusions and tracking online accounts and digital activity.
One of the sub-units of the Electronic Unit is called “Simia,” and it is responsible for creating an army of bots intended to advance Hezbollah’s political and strategic objectives. The unit works to spread propaganda, disinformation (fake news), and narratives in the digital sphere that promote Hezbollah while simultaneously acting against its opponents. The goal is to influence public perception, shape sentiment, and affect public opinion.[5]
Operating under the Electronic Unit is Hezbollah’s Cyber Unit, which is tasked with gathering intelligence from digital sources and conducting both defensive and offensive cyber operations, targeting adversaries within Lebanon as well as high-value targets across the region and internationally.
Hezbollah’s Cyber Unit attacks a wide variety of targets, including Lebanese companies, government organizations, and Lebanese citizens. These attacks constitute a major means of gathering extensive internal information, which Hezbollah uses to control Lebanese public opinion, identify opponents, and act against those who challenge it. The unit also attacks a wide range of targets in various Arab and Western countries, serving the same strategic interests.
Hezbollah’s Cyber Unit works in close cooperation with Unit 300 of the IRGC’s Quds Force in the areas of infrastructure, professional training, and advanced technologies.
Quds Force Unit 300 is responsible for offensive cyber capabilities and electronic warfare within the Iranian Revolutionary Guard Corps. It serves as the central hub for the development and deployment of Iran’s advanced cyber capabilities. Its role includes developing attack infrastructure, carrying out intelligence operations, and conducting cyberattacks against state infrastructure, companies, and individual targets considered to have strategic importance. In addition, the unit plays a major role in empowering organizations operating under Iranian sponsorship by providing them with intelligence-gathering capabilities, technological surveillance systems, electronic warfare tools, and dedicated training and instruction.[6]
A recent example of cooperation between Iran and Hezbollah in the cyber domain was exposed in December 2023, when it was revealed that during the “Swords of Iron” war, Iran and Hezbollah attempted to attack Ziv Hospital in Safed. The attack was carried out by the Iranian Ministry of Intelligence in cooperation with Hezbollah’s cyber units known as “Lebanese Cedar,” which operate under the leadership of Muhammad Ali Marhi.[7]
The Lebanese Cedar attack group has been active since 2012 and is also known as “Volatile Cedar.” Cyber researchers have linked the group to numerous attacks against companies in the United States, the United Kingdom, Egypt, Jordan, Lebanon, Israel, and the Palestinian Authority, from which valuable data was stolen.[8] The group also conducts cyberattacks against strategic financial targets, such as gas and oil companies in Gulf countries.
Iran has long used “cyber patriots”—civilians with technological expertise who are deployed to advance national interests—as an integral part of its regional cyber strategy.[9] Similarly, Hezbollah implements a parallel model within Lebanon, recruiting, training, and deploying civilians with high professional qualifications to serve as a cyber force within its operational apparatus.
Figures such as Karim Fayad illustrate this pattern clearly: individuals who outwardly operate within legitimate civilian professional frameworks, but who concurrently exploit their expertise and technological access to advance Hezbollah’s ideological and operational goals. This model enables the organization to expand its cyber capabilities, blur the line between civilian activity and terrorism, and benefit from greater plausible deniability—consistent with Iran’s broader doctrine of deploying proxies in the digital sphere.
The nature of the Cyber Unit’s work aligns with Fayad’s activity, and therefore it is highly likely that he is an operative or supporter within the unit.
Fayad’s capabilities may provide valuable intelligence and operational advantages, making him a significant asset to Hezbollah’s Cyber Unit. His technological knowledge can assist Hezbollah in conducting direct cyberattacks on behalf of the organization, targeting civilian or governmental entities, creating psychological or operational impact, and carrying out ransomware attacks for financial gain. At the same time, Fayad can enhance digital intelligence collection through penetrating systems, identifying vulnerabilities, and extracting sensitive information that serves Hezbollah’s interests.
In addition, Fayad’s professional skill set enables him to improve and develop Hezbollah’s cyber capabilities, whether by creating new tools, upgrading existing infrastructure, or providing technical consultation to the organization’s cyber bodies.
Appendix 6: Security Unit 900
Hezbollah’s Security Unit (Unit 900) effectively functions as a type of “secret police.” The unit is responsible for countering espionage directed against Hezbollah in particular and against Lebanon in general, securing Hezbollah’s operational activities, and conducting systematic surveillance of all political, civilian, military, and foreign entities in Lebanon—including the Lebanese presidency, local political parties, diplomats, and UNIFIL personnel—who may pose a threat to its operations. Unit 900 is one of the organization’s central mechanisms of control within the Lebanese arena and serves as a first line in Hezbollah’s campaign against foreign intelligence activity, especially Israeli intelligence operating within Lebanon.[10]
One of the unit’s functions is to conduct surveillance on individuals and entities deemed “of interest” to Hezbollah. This surveillance is also carried out using technological and digital intelligence tools, including SIGINT, WEBINT, OSINT, cyber capabilities, and similar methods. Monitoring is directed at any entity in Lebanon that Hezbollah considers operationally, security-wise, religiously, or socially relevant, including those suspected of hostile intelligence activity, violating the religious–moral norms enforced by the organization, or posing a potential threat to its control over the area.
Karim Fayad may be integrated as a digital operator or assistant for the Security Unit, exploiting his technological expertise to conduct surveillance and gather intelligence in the online domain. His cyber skills could be used by the organization to identify targets, monitor activity on social networks, penetrate devices and servers, and collect data on individuals or groups designated by Hezbollah as problematic—whether for security, religious, or social reasons.
Sources:
[3] https://www.justice.gov/usao-sdny/pr/acting-manhattan-us-attorney-announces-settlement-american-university-beirut-resolving?utm_source=chatgpt.com
[4] https://israel-alma.org/hezbollah-executive-council-organizations-operating-under-the-education-unit/
[5] https://israel-alma.org/hezbollahs-electronic-army-a-case-study/
[6] https://israel-alma.org/irans-military-aid-to-hezbollahs-rehabilitation-involved-units/
[7] https://www.gov.il/en/pages/ziv181223
[8] https://www.clearskysec.com/cedar/
[9] https://nationalinterest.org/blog/techland/how-iran-built-hezbollah-top-cyber
[10] https://israel-alma.org/hezbollahs-security-unit-900/
https://www.facebook.com/mirza313K –
linkedin:
https://www.linkedin.com/in/karim-fayad-a79450346
instagram:
https://www.instagram.com/karimf01
https://www.instagram.com/kariimfayad
https://www.instagram.com/zerodayx_
https://www.instagram.com/rootusser
Twitter (X):
BreachForums:
https://breachforums.is/User-zerodayx1
Telegram:
