Cyber Attacks On Israel Expand

Uploaded on 2023-11-27 in NEWS-Cybersecurity News, FREE TO VIEW

In the wake of Hamas’s attack on Israel, researchers and cyber security firms observed greatly increased activityby hacktivists  hacktivists and state-sponsored hacking groups. As the conflict has intensified there has been a significant increase in the frequency and sophistication of cyber attacks on Israel. 

Now, recent analysis has focused on a Rust version of a cross-platform backdoor called SysJoker, which  has likely been used by a Hamas-affiliated threat actor to target Israel.

The research unit at Check Point has been conducting analysis to discover, attribute and mitigate the relevant threats. In particular, a new variants of the SysJoker malware has been identified, including one coded in Rust, which has been investigated by  Check Point’s attention. “Our assessment is that these were used in targeted attacks by a Hamas-related threat actor." their report says.

"Among the most prominent changes is the shift to Rust language, which indicates the malware code was entirely rewritten, while still maintaining similar functionalities.... In addition, the threat actor moved to using OneDrive instead of Google Drive to store dynamic C2 (command-and-control server) URLs," Check Point report.

  • SysJoker was first investigated by Intezer Labs in January 2022, describing it as a backdoor capable of gathering system information and establishing contact with an attacker-controlled server by accessing a text file hosted on Google Drive that contains a hard-coded URL.
  • According to research from VMWare “SysJoker RAT is cross-platform malware which targets Windows, Linux and macOS operating systems. Being cross-platform allows the malware authors to gain advantage of wide infection on all major platforms... SysJoker has the ability to execute commands remotely as well as download and execute new malware on victim machines.” 

The discovery of a Rust variant of SysJoker points to an evolution of the cross-platform threat, with the implant employing random sleep intervals at various stages of its execution, likely in an effort to evade sandboxes. After establishing connections with the server, the malware awaits further additional payloads that are then executed on the compromised host. 

Check Point also discovered two previously unseen SysJoker samples designed for Windows that are significantly more complex, one of which uses a multi-stage execution process to launch the malware. 

One notable attribute is the use of OneDrive to retrieve the encrypted and encoded C2 server address, which is subsequently parsed to extract the IP address and port to be used." Using OneDrive allows the attackers to easily change the C2 address, which enables them to stay ahead of different reputation-based services... This behavior remains consistent across different versions of SysJoker," according toCheck Point.

For as long as the military conflict continues, online attacks will only increase as Hamas seeks to enlist support from nations and state-sponsored groups in the Middle East and elsewhere who are hostile to Israel.

Check Point:   VMWare:    Intezer:    Hacker News:    Clearsky:   ETDA:    Cyberscoop:   

Image: Max Bender

You Might Also Read: 

Online Conflict In Gaza & Ukraine:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Creating A Top-Notch Financial App With Advanced Cybersecurity
Cyber Security Executive Confesses To Hacking Hospitals »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Digital Forensics Inc (DFI)

Digital Forensics Inc (DFI)

Digital Forensics Inc. is a nationally recognized High Technology Forensic Investigations and Information System Security firm

CyberArk Software

CyberArk Software

CyberArk is an established leader in privileged access management and offers the most complete set of Identity Security capabilities.

GrammaTech

GrammaTech

GrammaTech is a leading developer of software-assurance tools and advanced cyber-security solutions.

Silicom Denmark

Silicom Denmark

Silicom Denmark is a premier developer and supplier of FPGA-based interface cards for cyber-security, telecommss, financial trading and other sectors.

Cybersixgill

Cybersixgill

Cybersixgill was founded with a single mission: to protect organizations against malicious cyber attacks that come from the deep and dark web, before they materialize.

NLnet Labs

NLnet Labs

NLnet Labs is a not-for-profit foundation with a long heritage in research and development, Internet architecture and governance, as well as security in the area of DNS and inter-domain routing.

CultureAI

CultureAI

CultureAI deliver intelligent cyber security awareness education and tools that build resilient security cultures where employees help defend.

Mend.io

Mend.io

Mend.io (formerly known as WhiteSource) is an application security company built to secure today’s digital world.

GreenWorld Technologies

GreenWorld Technologies

GreenWorld has a proven track record in industry leading IT asset management, secure data destruction and remarketing.

FifthDomain

FifthDomain

We are a specialist cyber security education and training company tackling the global cyber security skills shortage.

Secberus

Secberus

SECBERUS creates cloud security technology to help organizations stay secure & compliant in the public cloud.

Newberry Group

Newberry Group

The Newberry Group provides comprehensive IT services and solutions that optimize operations, minimize risk and deliver measurable business value.

Paradyn

Paradyn

Paradyn-managed security services can provide a holistic view of your business environment, no matter how simple or complex it is.

MicroAge

MicroAge

Powered by five decades of experience, lasting partnerships, client relationships, and the values that guide us daily, MicroAge is here to help you secure, accelerate, and transform your business.

Blink Ops

Blink Ops

Blink helps security teams streamline everyday workflows and protect your organization better.

CXI Solutions

CXI Solutions

CXI Solutions: Your trusted partner in cybersecurity. We offer a full range of cybersecurity solutions to protect your business from digital attacks and virtual threats.