Cyber Attacks On Israel Expand

In the wake of Hamas’s attack on Israel, researchers and cyber security firms observed greatly increased activity by hacktivists and state-sponsored hacking groups. As the conflict has intensified there has been a significant increase in the frequency and sophistication of cyber attacks on Israel.

Now, recent analysis has focused on a Rust version of a cross-platform backdoor called SysJoker, which has likely been used by a Hamas-affiliated threat actor to target Israel.

The research unit at Check Point has been conducting analysis to discover, attribute and mitigate the relevant threats. In particular, new variants of the SysJoker malware have been identified, including one written in Rust, which has drawn Check Point’s attention. “Our assessment is that these were used in targeted attacks by a Hamas-related threat actor,” their report says.

“Among the most prominent changes is the shift to Rust language, which indicates the malware code was entirely rewritten, while still maintaining similar functionalities... In addition, the threat actor moved to using OneDrive instead of Google Drive to store dynamic C2 (command-and-control server) URLs,” Check Point reports.

  • SysJoker was first investigated by Intezer Labs in January 2022, describing it as a backdoor capable of gathering system information and establishing contact with an attacker-controlled server by accessing a text file hosted on Google Drive that contains a hard-coded URL.
  • According to research from VMWare, “SysJoker RAT is cross-platform malware which targets Windows, Linux and macOS operating systems. Being cross-platform allows the malware authors to gain advantage of wide infection on all major platforms... SysJoker has the ability to execute commands remotely as well as download and execute new malware on victim machines.”

The discovery of a Rust variant of SysJoker points to an evolution of the cross-platform threat, with the implant employing random sleep intervals at various stages of its execution, likely in an effort to evade sandboxes. After establishing a connection with the server, the malware awaits additional payloads that are then executed on the compromised host.

Check Point also discovered two previously unseen SysJoker samples designed for Windows that are significantly more complex, one of which uses a multi-stage execution process to launch the malware.

One notable attribute is the use of OneDrive to retrieve the encrypted and encoded C2 server address, which is subsequently parsed to extract the IP address and port to be used. “Using OneDrive allows the attackers to easily change the C2 address, which enables them to stay ahead of different reputation-based services... This behavior remains consistent across different versions of SysJoker,” according to Check Point.

For as long as the military conflict continues, online attacks will only increase as Hamas seeks to enlist support from nations and state-sponsored groups in the Middle East and elsewhere who are hostile to Israel.

Sources: Check Point, VMWare, Intezer, Hacker News, Clearsky, ETDA, Cyberscoop

Image: Max Bender
