Palestinian Authorities Under Cyber Attack

Uploaded on 2018-07-31 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

A cyber-espionage group knows as the Gaza Cybergang that targeted Palestinian law enforcement last year is back in action, this time targeting Palestinian government officials.

These recent attacks started in March 2018, according to evidence surfaced by Israel-based cybersecurity firm Check Point. The new attacks seem to fit the same modus operandi of a group detailed in two reports from Cisco Talos and Palo Alto Networks last year.

The APT with a Hollywood obsession returns

Those reports detailed a spear-phishing campaign aimed at Palestinian law enforcement. The malicious emails tried to infect victims with the Micropsia infostealer, a Delphi-based malware that contained many strings referencing characters from the Big Bang Theory and Game Of Thrones TV shows.

Now, the same group appears to be back, and the only thing they've changed is the malware, which is now coded in C++. The TV shows references are still there, this time with mentions to the Big Bang Theory, but also a Turkish TV series named "Resurrection: Ertugrul."

Just like Micropsia, this new malware is also a powerful backdoor that can be extended with second-stage modules at any time.

According to Check Point, the group uses this new and improved backdoor to infect a victim, gather a fingerprint of his workstation, and then collect the names of .doc, .odt, .xls, .ppt, and .pdf documents and sending this list to the attacker's server.

Experts believe the cyber-espionage group analyses this list in search of sensitive files it could steal. When the attacker finds a "valuable" host, other modules are downloaded to perform other tasks.

Researchers believe this new malware supports 13 modules, based on the structure of its configuration file. The research team says it was able to recover only five modules, and have yet to determine the purpose of others.

Group now targets members of the Palestinian government

Check Point says that this year, the group appears to be targeting members of the Palestinian National Authority, which is Palestine's interim self-government body.

The theme of the spear-phishing emails is monthly press reports posing to come from the Palestinian Political and National Guidance Commission, sent to individuals connected with the Palestinian National Authority.

"Unlike in 2017, this time the malicious attachment is an executable which is actually a self-extracting archive, containing a decoy document and the malware itself," researchers said.

The self-extracting archive uses a Word-like icon to trick users into running the file and infecting themselves with malware.

Group behind attacks linked to Hamas

Check Point believes the advanced persistent threat (APT) behind these attacks is a group named the Gaza Cybergang. This group also goes under the names of Gaza Hackers Team or Molerats, and in 2016, cyber-security firm ClearSky linked this APT to Hamas, the Palestinian Sunni-Islamist fundamentalist organization, a terrorist organisation that's at odds with both Israel and the local government, to some degree.

The Gaza Cybergang appears to have been very busy this spring because recently Israel accused Hamas of trying to lure soldiers into installing malware-infected applications on their phones.

Bleeping Computer

You Might Also Read: 

Middle East: Cyberwar Heats Up:

Commando Bugs

 

« Artificial Intelligence & Threat Detection
Facebook & Fake News »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

F-Secure

F-Secure

F-Secure defends enterprises and consumers against everything from opportunistic ransomware infections to advanced cyber attacks.

Axial

Axial

Axial Systems is one of the UK’s leading solution providers and systems integrators in network, security and services.

Cyber Indemnity Solutions (CIS)

Cyber Indemnity Solutions (CIS)

CIS is an InsurTech company focused on licensing innovative cyber risk insurance solutions to the global insurance industry.

maCERT

maCERT

maCERT is the national Computer Emergency Response Team for Morocco.

Kivu Consulting

Kivu Consulting

Kivu Consulting combines technical and legal expertise to deliver data breach response, investigative, discovery and forensic solutions worldwide.

KeyXentic

KeyXentic

KeyXentic Inc. is a professional mobile and data security service provider. We are devoted to design convenient and strong security for user’s data protection and privacy without any compromise.

DataNumen

DataNumen

The fundamental mission of DataNumen is to recover as much data from inadvertent data disasters as possible.

LogicHub

LogicHub

LogicHub is built on the principle that every decision process for threat detection and response can and should be automated.

CyberSheath Services International

CyberSheath Services International

CyberSheath integrates your compliance and threat mitigation efforts and eliminates redundant security practices that don’t improve and in fact might probably weaken your security posture.

Kintent

Kintent

With Kintent, compliance becomes a habit, is simple to understand and achieve, and is continuously testable so that your customers can see that you are adhering to all your trust obligations.

ProLion

ProLion

ProLion provides Data Integrity solutions that ensure organisations’ data remains secure, compliant, manageable and accessible.

Fifosys

Fifosys

Fifosys is a professional technology infrastructure specialist, delivering a broad portfolio of high quality technical and strategic managed services.

Amnesty Tech

Amnesty Tech

Amnesty Tech's Security Lab leads technical investigations into cyber-attacks against civil society and provides critical support when individuals face such attacks.

Kennedys

Kennedys

Kennedys is a global law firm with expertise in litigation/dispute resolution and advisory services, particularly in the insurance/reinsurance and liability sectors, including cyber risk.

KATIM

KATIM

KATIM is a leader in the development of innovative secure communication products and solutions for governments and businesses.

Accompio

Accompio

Accompio offer comprehensive support in the digitalisation of your business processes.