Cyber Attacks On Israel Expand

Uploaded on 2023-11-27 in NEWS-Cybersecurity News, FREE TO VIEW

In the wake of Hamas’s attack on Israel, researchers and cyber security firms observed greatly increased activityby hacktivists  hacktivists and state-sponsored hacking groups. As the conflict has intensified there has been a significant increase in the frequency and sophistication of cyber attacks on Israel. 

Now, recent analysis has focused on a Rust version of a cross-platform backdoor called SysJoker, which  has likely been used by a Hamas-affiliated threat actor to target Israel.

The research unit at Check Point has been conducting analysis to discover, attribute and mitigate the relevant threats. In particular, a new variants of the SysJoker malware has been identified, including one coded in Rust, which has been investigated by  Check Point’s attention. “Our assessment is that these were used in targeted attacks by a Hamas-related threat actor." their report says.

"Among the most prominent changes is the shift to Rust language, which indicates the malware code was entirely rewritten, while still maintaining similar functionalities.... In addition, the threat actor moved to using OneDrive instead of Google Drive to store dynamic C2 (command-and-control server) URLs," Check Point report.

  • SysJoker was first investigated by Intezer Labs in January 2022, describing it as a backdoor capable of gathering system information and establishing contact with an attacker-controlled server by accessing a text file hosted on Google Drive that contains a hard-coded URL.
  • According to research from VMWare “SysJoker RAT is cross-platform malware which targets Windows, Linux and macOS operating systems. Being cross-platform allows the malware authors to gain advantage of wide infection on all major platforms... SysJoker has the ability to execute commands remotely as well as download and execute new malware on victim machines.” 

The discovery of a Rust variant of SysJoker points to an evolution of the cross-platform threat, with the implant employing random sleep intervals at various stages of its execution, likely in an effort to evade sandboxes. After establishing connections with the server, the malware awaits further additional payloads that are then executed on the compromised host. 

Check Point also discovered two previously unseen SysJoker samples designed for Windows that are significantly more complex, one of which uses a multi-stage execution process to launch the malware. 

One notable attribute is the use of OneDrive to retrieve the encrypted and encoded C2 server address, which is subsequently parsed to extract the IP address and port to be used." Using OneDrive allows the attackers to easily change the C2 address, which enables them to stay ahead of different reputation-based services... This behavior remains consistent across different versions of SysJoker," according toCheck Point.

For as long as the military conflict continues, online attacks will only increase as Hamas seeks to enlist support from nations and state-sponsored groups in the Middle East and elsewhere who are hostile to Israel.

Check Point:   VMWare:    Intezer:    Hacker News:    Clearsky:   ETDA:    Cyberscoop:   

Image: Max Bender

You Might Also Read: 

Online Conflict In Gaza & Ukraine:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Creating A Top-Notch Financial App With Advanced Cybersecurity
Cyber Security Executive Confesses To Hacking Hospitals »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Potomac Institute for Policy Studies

Potomac Institute for Policy Studies

Potomac Institute undertakes research on key science, technology, and national security issues facing society, Study areas include cybersecurity.

Computer & Communications Industry Association (CCIA)

Computer & Communications Industry Association (CCIA)

CCIA supports efforts to facilitate and streamline information sharing on cyber threats between the private sector and the Federal Government.

Early Warning Services

Early Warning Services

Early Warning is committed to providing awareness, education, and enablement around fraud prevention.

NowSecure

NowSecure

NowSecure are the experts in mobile app security testing software and services.

Parsons

Parsons

Parsons has developed a converged security offering that combines cybersecurity, integrated network solutions, and critical infrastructure protection.

LATRO Services

LATRO Services

LATRO Services is a complete solution provider to discover, locate, and eliminate telecom fraud.

Smart Protection

Smart Protection

Smart Protection are experts in brand and trademark protection - we fight against counterfeits and unauthorized usages of brands with machine learning technology.

Brighterion

Brighterion

Brighterion solutions stop payment and acquirer fraud, reduce credit risk and delinquency, fight financial crime, prevent healthcare fraud, waste and abuse, and more.

Kasm Technologies

Kasm Technologies

Kasm Browser Isolation - Protect your organization from malware, ransomware and phishing by using zero-trust containerized browsers.

ditno

ditno

ditno uses machine learning to help you build a fully governed and micro-segmented network. Dramatically mitigate risk and prevent lateral movement across your organisation – all from one centralised

Sectyne

Sectyne

Sectyne is a full-stack cyber consultancy committed to providing tailored services, advisory consultations, and training.

Archon Secure

Archon Secure

Archon GoSilent Cube delivers a CSfC-certified, plug-and-play security solution for classified and unclassified communication when using the public Internet.

Cynical Technology

Cynical Technology

Cynical Technology is a Nepalese cybersecurity company with expertise in security consulting, auditing, testing and compliance.

Wattlecorp Cybersecurity Labs

Wattlecorp Cybersecurity Labs

Wattlecorp Cybersecurity Labs are a group of IT security specialists, ethical hackers, and researchers driven to identify security flaws before cyber threat actors does.

DATS Project

DATS Project

DATS Project enables the utilization of high computing power across a number of cybersecurity services, all on a pay-as-you-go basis, eliminating the need for upfront investment costs.

Minimus

Minimus

Minimus, a pioneering application security startup, offers a groundbreaking platform that eliminates over 95% of Common Vulnerabilities and Exposures (CVEs) from software supply chains.