Hamas Affiliates Attacking Israel

Uploaded on 2024-11-21 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW

A cyber attacking group affiliated to Hamas has expanded their malicious cyber operations and is using disruptive attacks that focus on Israel. 

Groups thought to be associated with Hamas, Hezbollah and Iran have been active for years, running operations ranging from cyber espionage and data theft to hack-and-leak operations, as well as the attacking of industrial control facilities

And now the activity, linked to a group called WIRTE, has also targeted the Palestinian Authority, Jordan, Iraq, Saudi Arabia, and Egypt according to analysis by Check Point

Check Point's researchers have been closely tracking a significant cyber campaign led by the WIRTE group, an Advanced Persistent Threat (APT) originating from the Middle East with connections to Gaza Cybergang, a cluster affiliated with Hamas. Active since at least 2018, the covert organisation has gained notoriety for its politically driven cyber-espionage activities, focusing on intelligence gathering that likely ties into the complexities of regional geopolitical conflicts.  "The Israel-Hamas conflict has not disrupted the WIRTE's activity, and they continue to leverage recent events in the region in their espionage operations," said Check Point. 

"In addition to espionage, the threat actor recently engaged in at least two waves of disruptive attacks against Israel."

WIRTE is the name assigned to a Middle Eastern Advanced Persistent Threat (APT) group that has been active since  2018, targeting a broad spectrum of entities across the region. It was first written about by the Spanish cyber security company S2 Grupo. The hacking group is assessed to be part of a politically motivated group called the Gaza Cyber Gang also known as TA402, which is known for using tools like BarbWire, IronWind, and Pierogi in its attack campaigns. "This cluster's activity has persisted throughout the war in Gaza," the Israeli company said. "On one hand, the group's ongoing activity strengthens its affiliation with Hamas; on the other hand, it complicates the geographical attribution of this activity specifically to Gaza."

WIRTE's activities in 2024 have been found to exploit the geopolitical tensions in the Middle East and the war to craft deceptive RAR archive lures that lead to the deployment of the Havoc post-exploitation framework. RAR is a proprietary archive file format that supports data compression, error correction and file spanning. Alternate chains observed prior to September 2024 have leveraged similar RAR archives to deliver the IronWind downloader.

These infection sequences employ a legitimate executable to sideload the malware-laced DLL and display to the victim the decoy PDF document.

Sideloading is the process of installing apps on a device that aren't from the official app store. This is typically done on a rooted Android device or a jailbroken iOS device.Sideloading can be used to customize applications beyond the limitations set by the official app store, and to install applications even without internet connectivity.

Check Point have also reported a phishing campaign which targeted several Israeli organisations, including hospitals and municipalities, in which emails were sent from a legitimate address belonging to cyber security company ESET's partner in Israel. "The email contained a newly created version of the SameCoin Wiper, which was deployed in attacks against Israel earlier this year," it said.  In addition to minor changes in the malware, the newer version introduces a unique encryption function that has only been found in a newer IronWind loader variant.

In addition to overwriting files with random bytes, the most recent version of the SameCoin wiper modifies the victim system's background to display an image bearing the name of Al-Qassam Brigades, the military wing of Hamas. 

SameCoin is a bespoke wiper that was uncovered in February 2024 as used by a Hamas-affiliated threat actor to sabotage Windows and Android devices. The malware was distributed under the guise of a security update.

CheckPoint   |   CheckPoint   |    Cloudflare   |   Hacker News   |    Lab52   |    Malware Insight   |   CyberScoop       

Image:  Michael Piepgras

You Might Also Read:

Israel-Hamas Conflict: The Escalation Of Cyberwarfare:   

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Using AI In Classrooms Is A Test Of Public Trust

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Pluralsight

Pluralsight

Pluralsight helps enterprises build technology skills at scale with expert-authored courses on today’s most important technologies including information and cyber security.

Asavie

Asavie

Asavie provide solutions for Enterprise Mobility Management and secure IoT Connectivity.

Logpoint

Logpoint

Logpoint is a creator of innovative security platforms to empower security teams in accelerating threat detection, investigation and response with a consolidated tech stack.

Assured Data Protection

Assured Data Protection

Assured Data Protection specialises in data protection and disaster recovery services for large SME and enterprise organisations.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Fox-IT

Fox-IT

Fox-IT prevents, solves and mitigates the most serious cyber threats with smart solutions for governmental bodies, defense, law enforcement, critical infrastructure, banking and large enterprises.

TI Safe

TI Safe

TI Safe provide cybersecurity solutions for industrial networks of main critical infrastructures in Latin America.

Computer Forensics Consult (CFC)

Computer Forensics Consult (CFC)

Computer Forensics Consult provides disaster recovery, computer forensics, electronic discovery and litigation support services in the growing area of Cyber Security.

National Cyber Security Center (NCSC) - Hungary

National Cyber Security Center (NCSC) - Hungary

The National Cyber Security Center was established in 2015 by uniting the GovCERT-Hungary, National Electronic Information Security Authority (NEISA) and the Cyber Defence Management Authority (CDMA).

Marvell Technology Group

Marvell Technology Group

Marvell is a semiconductor company providing solutions for storage, processing, networking, security and connectivity.

TeskaLabs

TeskaLabs

TeskaLabs is a software vendor of cybersecurity and data privacy products.

Wynyard Group

Wynyard Group

Wynyard Group is a niche, technology-driven company specializing in Integrated Border Security solutions for enhanced public safety.

ShorePoint

ShorePoint

ShorePoint is an elite cybersecurity firm dedicated to improving the cyber resilience of Federal agencies and their missions.

Collins Aerospace

Collins Aerospace

Collins Aerospace provides cybersecurity services and systems to protect critical infrastructure facilities and railroad operations.

FourthRev

FourthRev

FourthRev is an education-technology start-up with a mission to solve the skills crisis of the Fourth Industrial Revolution.

CMIT Solutions

CMIT Solutions

CMIT Solutions is a recognized leader in Managed IT Services for businesses. We empower businesses like yours by providing innovative technology solutions, managed IT services and cybersecurity.