[jstarfish]

It's not evidence at all, just data (intelligence) that makes me reconsider what I thought I knew about the situation and what else might be related that I didn't consider before.

We have a "special" relationship with Israel so I can't go too much into detail, but suffice to say it was password spraying attacks that originated from domestic residential IPs that dropped off. Normally foreign agencies use datacenters and a known set of VPN ASNs. Israel happens to have their own onion routing network in the form of Hola/Luminati, but that isn't a discrete ASN-- it's a botnet of residential proxies.

https://news.ycombinator.com/item?id=18161706

I don't know if Luminati is even still a thing but this is the sort of footprint I'd expect from it. They'd find residential proxies useful for their astroturfing campaigns so I assume it's still up. Attribution is a game of educated guesses.

Now, I'm not implying the Israeli government is the actor here. For all I know it's some bored teenager fucking with us. The timing is what's suspect. Either the operator was compelled to stop when war broke out or the infrastructure they were using was somehow impacted by the Gaza offensive.