Hamas Hackers Use New Malware

Uploaded on 2020-02-24 in TECHNOLOGY--Hackers, INTELLIGENCE--International, FREE TO VIEW

A series of Hamas-orchestrated cyber-attacks targeting Palestinian Authority officials has been identified  by the experts at CybereasonThe Hamas hacking unit, is a well orgnaised cell that has acted against various targets across the Middle East has been identifies using new malware in a campaign against the UN - recognised Palestinian Authority. The method uses phishing emails on enticing topics, typically ranging from the US killing of Iranian general Qassem Soleimani to the Trump administration’s, Middle East, peace proposal.

Once the targets are identified, the Hamas unit would hack into the victims' mobile phones, gaining access to their microphones and cameras as well as files and information stored on the devices. Cyberreason researchers say that spyware is deployed with extremely advanced technology, previously only available in Russia, China, the US and Israel.

The attacks were carried out in a similar way to previous attacks the unit committed against Israeli strategic assets. This hacking unit is a politically-motivated cell that has acted against various targets across the Middle East since 2012. The hackers most recently weeks attempted to breach carefully selected targets associated with the Palestinian Authority government.  Many of the malware samples analysed appear to have targeted Fatah, the ruling party in the West Bank and a longtime rival of Hamas.

It is unclear how the group was using the information it gathered on Fatah, but it’s just the latest example of geopolitical rivalries taking on a cyber dimension.

Cybereason reseaerchers think that the Hamas have  grown more sophisticated, developing some of their own tools and acquiring others in the process. Theere is also  larger group of  of hackers known as the Gaza Cybergang that some security companies have linked with Hamas. The Cybergang consists of multiple subgroups that have overlapping tools and targets, complicating analysts’ efforts to distinguish the hacking campaigns and definitively trace them to their source.

The attackers are using new malicious code, commonly referred to as backdoors, that allow them persistent access to their targets. The remote access Trojan has Ukrainian language embedded in it, raising the possibility that the Arabic-speaking group acquired the tool on an underground forum.

The Gaza Cybergang has been exploiting current events for years to break into computer networks in Israel and the Palestinian territories, at one point even posing as a spokesperson for the Israel Defense Forces. Given how effective the tactic has been, the group has every reason to keep doing so.

In the latest activity, the hacking group uses PDF file purporting to be a report from a popular Egyptian newspaper mentioning the leader of Hamas attending Soleimani’s funeral. Once opened, the PDF eventually drops its malicious code in two different places on the victim’s operating system. The code doesn’t run unless Arabic language keyboard settings are found on the machine.

CyberScoop:       Jerusalem Post:        Israel Hayom:        YNet news

You Might Also Read:

The New Wave Of Attack Vectors:

 

 

« The Cyber Security Workforce Must Grow 145%
Organisations Are Adopting AI For Cyber Security »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Homeland Security Advanced Research Projects Agency (HSARPA)

Homeland Security Advanced Research Projects Agency (HSARPA)

HSARPA's Cyber Security Division (CSD) was set up to address DHS cyber operational and critical infrastructure protection requirements.

Westermo Network Technologies

Westermo Network Technologies

Westermo designs and manufactures robust, resilient and secure data communications products for mission-critical industrial systems.

Finnish Information Security Cluster (FISC)

Finnish Information Security Cluster (FISC)

FISC is an organization established by major Finnish information security companies to promote their activities nationally and internationally.

Regulus Cyber

Regulus Cyber

Regulus enables drones, robots and autonomous vehicles to operate safely, without malicious or accidental interference to the operation of their mission.

PECB

PECB

PECB is a certification body for persons, management systems, and products on a wide range of international standards in a range of areas including Information Security and Risk Management.

StrongKey

StrongKey

StrongKey (formerly StrongAuth) is a leader in Enterprise Key Management Infrastructure, bringing new levels of capability and data security at a price point significantly lower than other solutions.

Secudos

Secudos

SECUDOS is an innovative appliance technology and services provider focused on IT security and compliance.

Arm

Arm

Arm delivers a complete IoT solution, from providing the IP for the chip to delivering the cloud services to securely manage the deployment of products throughout their lifecycle.

SoSafe

SoSafe

SoSafe empowers organizations to build a security culture and mitigate risk with its GDPR-compliant awareness programs.

X-Ways Software Technology

X-Ways Software Technology

X-Ways provide software for computer forensics, electronic discovery, data recovery, low-level data processing, and IT security.

Right-Hand Cybersecurity

Right-Hand Cybersecurity

Right-Hand Cybersecurity empowers businesses to monitor, measure and mitigate employee induced cyber risks in real-time.

Cyber Range Malaysia

Cyber Range Malaysia

With Cyber Range Malaysia organizations can train their security professionals in empirically valid cyber war-gaming scenarios necessary to develop IT staff skills and instincts for defensive action.

Dope Security

Dope Security

Dope Security is a fly-direct Secure Web Gateway that eliminates the data center stopover architecture required by legacy providers, instead performing security directly on the endpoint.

Center for Information Security Awareness (CFISA)

Center for Information Security Awareness (CFISA)

CFISA was formed by a group of academics, security and fraud experts to explore ways to increase security awareness among audiences, including consumers, employees, businesses and law enforcement.

Supra ITS

Supra ITS

Supra ITS is a leading full-service technology partner offering IT Consulting, Cloud Services, 24x7 Managed IT & Cybersecurity Services, and IT Project Support.

HIFENCE

HIFENCE

HIFENCE delivers cybersecurity and networking services that make your company safer and more secure. That’s all we do, so you can concentrate on all the things that you do best.