Hamas Hackers Use New Malware

Uploaded on 2020-02-24 in TECHNOLOGY--Hackers, INTELLIGENCE--International, FREE TO VIEW

A series of Hamas-orchestrated cyber-attacks targeting Palestinian Authority officials has been identified  by the experts at CybereasonThe Hamas hacking unit, is a well orgnaised cell that has acted against various targets across the Middle East has been identifies using new malware in a campaign against the UN - recognised Palestinian Authority. The method uses phishing emails on enticing topics, typically ranging from the US killing of Iranian general Qassem Soleimani to the Trump administration’s, Middle East, peace proposal.

Once the targets are identified, the Hamas unit would hack into the victims' mobile phones, gaining access to their microphones and cameras as well as files and information stored on the devices. Cyberreason researchers say that spyware is deployed with extremely advanced technology, previously only available in Russia, China, the US and Israel.

The attacks were carried out in a similar way to previous attacks the unit committed against Israeli strategic assets. This hacking unit is a politically-motivated cell that has acted against various targets across the Middle East since 2012. The hackers most recently weeks attempted to breach carefully selected targets associated with the Palestinian Authority government.  Many of the malware samples analysed appear to have targeted Fatah, the ruling party in the West Bank and a longtime rival of Hamas.

It is unclear how the group was using the information it gathered on Fatah, but it’s just the latest example of geopolitical rivalries taking on a cyber dimension.

Cybereason reseaerchers think that the Hamas have  grown more sophisticated, developing some of their own tools and acquiring others in the process. Theere is also  larger group of  of hackers known as the Gaza Cybergang that some security companies have linked with Hamas. The Cybergang consists of multiple subgroups that have overlapping tools and targets, complicating analysts’ efforts to distinguish the hacking campaigns and definitively trace them to their source.

The attackers are using new malicious code, commonly referred to as backdoors, that allow them persistent access to their targets. The remote access Trojan has Ukrainian language embedded in it, raising the possibility that the Arabic-speaking group acquired the tool on an underground forum.

The Gaza Cybergang has been exploiting current events for years to break into computer networks in Israel and the Palestinian territories, at one point even posing as a spokesperson for the Israel Defense Forces. Given how effective the tactic has been, the group has every reason to keep doing so.

In the latest activity, the hacking group uses PDF file purporting to be a report from a popular Egyptian newspaper mentioning the leader of Hamas attending Soleimani’s funeral. Once opened, the PDF eventually drops its malicious code in two different places on the victim’s operating system. The code doesn’t run unless Arabic language keyboard settings are found on the machine.

CyberScoop:       Jerusalem Post:        Israel Hayom:        YNet news

You Might Also Read:

The New Wave Of Attack Vectors:

 

 

« The Cyber Security Workforce Must Grow 145%
Organisations Are Adopting AI For Cyber Security »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

RISA

RISA

RISA solutions help to secure networks, improve overall network security, and achieve government regulatory compliance.

ACME Communications

ACME Communications

ACME Communications specialises in the field of data centre, implementation, maintenance & operation and all aspects of other IT service.

Applicure Technologies

Applicure Technologies

Applicure Technologies develops the leading multi-platform web application security software products to protect web sites and web applications from external and internal attacks.

SonicWall

SonicWall

SonicWall provide products for network security, access security, email security & encryption.

CloudCheckr

CloudCheckr

CloudCheckr is a next-gen cloud management platform that unifies Security & Compliance, Inventory & Utilization and Cost Management.

NetKnights

NetKnights

NetKnights is an independent IT security company which offers services and products for strong authentication, identity management and encryption.

Indeed

Indeed

Indeed is a worldwide employment-related search engine for job listings covering job types in all industries, including cybersecurity.

ITRecycla

ITRecycla

ITRecycla are specialists in the protection of sensitive computer data by data destruction, re-marketing of reusable computer equipment, computer recycling and disposing of electronic e-waste.

ERI

ERI

ERI is the largest fully integrated IT and electronics asset disposition provider and cybersecurity-focused hardware destruction company in the United States.

Siemens

Siemens

Siemens Industrial Security Services provide solutions for cybersecurity in automation environments based on the recommendations of the international standard IEC 62443.

Network Intelligence

Network Intelligence

Network Intelligence delivers a comprehensive suite of AI-powered cybersecurity solutions built on the ADVISE framework.

PA Consulting

PA Consulting

PA Consulting Group is a consultancy that specialises in strategy, technology and innovation. Our cyber security experts work with you to spot digital and technology security risks and reduce them.

Tenable

Tenable

Organizations around the world rely on Tenable to help them understand and reduce cybersecurity risk across their attack surface—in the cloud or on-premises, from IT to OT and beyond.

CypherEye

CypherEye

CypherEye is a next generation trust platform that advances the current state of Multi-factor Authentication (MFA) to enable highly secure, private and auditable cyber-transactions.

Insurica

Insurica

INSURICA is a full-service insurance agency built upon a tradition of integrity, industry leadership, and excellence.

ViCyber

ViCyber

ViCyber is an Australian based company whose mission is to simplify and strengthen cybersecurity for all businesses, irrespective of size.