Cyber Attacks On Israel Expand

Uploaded on 2023-11-27 in NEWS-Cybersecurity News, FREE TO VIEW

In the wake of Hamas’s attack on Israel, researchers and cyber security firms observed greatly increased activityby hacktivists  hacktivists and state-sponsored hacking groups. As the conflict has intensified there has been a significant increase in the frequency and sophistication of cyber attacks on Israel. 

Now, recent analysis has focused on a Rust version of a cross-platform backdoor called SysJoker, which  has likely been used by a Hamas-affiliated threat actor to target Israel.

The research unit at Check Point has been conducting analysis to discover, attribute and mitigate the relevant threats. In particular, a new variants of the SysJoker malware has been identified, including one coded in Rust, which has been investigated by  Check Point’s attention. “Our assessment is that these were used in targeted attacks by a Hamas-related threat actor." their report says.

"Among the most prominent changes is the shift to Rust language, which indicates the malware code was entirely rewritten, while still maintaining similar functionalities.... In addition, the threat actor moved to using OneDrive instead of Google Drive to store dynamic C2 (command-and-control server) URLs," Check Point report.

  • SysJoker was first investigated by Intezer Labs in January 2022, describing it as a backdoor capable of gathering system information and establishing contact with an attacker-controlled server by accessing a text file hosted on Google Drive that contains a hard-coded URL.
  • According to research from VMWare “SysJoker RAT is cross-platform malware which targets Windows, Linux and macOS operating systems. Being cross-platform allows the malware authors to gain advantage of wide infection on all major platforms... SysJoker has the ability to execute commands remotely as well as download and execute new malware on victim machines.” 

The discovery of a Rust variant of SysJoker points to an evolution of the cross-platform threat, with the implant employing random sleep intervals at various stages of its execution, likely in an effort to evade sandboxes. After establishing connections with the server, the malware awaits further additional payloads that are then executed on the compromised host. 

Check Point also discovered two previously unseen SysJoker samples designed for Windows that are significantly more complex, one of which uses a multi-stage execution process to launch the malware. 

One notable attribute is the use of OneDrive to retrieve the encrypted and encoded C2 server address, which is subsequently parsed to extract the IP address and port to be used." Using OneDrive allows the attackers to easily change the C2 address, which enables them to stay ahead of different reputation-based services... This behavior remains consistent across different versions of SysJoker," according toCheck Point.

For as long as the military conflict continues, online attacks will only increase as Hamas seeks to enlist support from nations and state-sponsored groups in the Middle East and elsewhere who are hostile to Israel.

Check Point:   VMWare:    Intezer:    Hacker News:    Clearsky:   ETDA:    Cyberscoop:   

Image: Max Bender

You Might Also Read: 

Online Conflict In Gaza & Ukraine:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Creating A Top-Notch Financial App With Advanced Cybersecurity
Cyber Security Executive Confesses To Hacking Hospitals »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

RoboForm

RoboForm

RoboForm's industry-leading encryption technology securely stores your passwords, with one Master Password serving as your encryption key.

Spambrella

Spambrella

Spambrella provides email security with real-time threat protection. 100% SaaS (nothing to install)

IT Association of Slovakia (ITAS)

IT Association of Slovakia (ITAS)

ITAS is a professional association of domestic and foreign companies operating in the field of information and communication technologies

AppViewX

AppViewX

AppViewX is a global leader in the management, automation and orchestration of network services in data centers.

Infowhiz solutions

Infowhiz solutions

Infowhiz provides solutions for backup/disaster recovery and network security.

Sliced Tech

Sliced Tech

Sliced Tech provides enterprise grade managed Cloud services, including Security-as-a-Services, aimed at meeting the needs of commercial and government clients from within Australia.

Greenetics Solutions

Greenetics Solutions

Greenetics Solutions is a company focused on providing solutions for information security.

Idaptive

Idaptive

Idaptive delivers Next-Gen Access through a zero trust approach. Idaptive secures access everywhere with single sign-on, adaptive MFA, EMM and analytics.

SCADASUDO

SCADASUDO

SCADASUDO is a cyber solution architecture and design office, established by leading experts in the field of OT (Industrial control) and IT (information Technology).

Sanderson Recruitment

Sanderson Recruitment

Sanderson is a recruitment company providing expert recruitment services in areas including Cyber & Information Security.

OCM Business Systems

OCM Business Systems

OCM are experts in the safe, secure and responsible disposal of IT & EPoS assets.

Binary Security AS

Binary Security AS

Binary Security is a Norwegian information security consultancy company. We are specialists at application security, penetration testing and secure code reviews.

StickmanCyber

StickmanCyber

At StickmanCyber we are on a mission to create a digital world that is safe for everyone - we are your trusted cybersecurity partner.

InfusionPoints

InfusionPoints

InfusionPoints is your independent trusted partner dedicated to assisting you in building your secure and compliant business solutions.

Verichains

Verichains

Verichains Lab is a pioneer and leading APAC blockchain security firm with extensive expertise in the areas of security, cryptography and core blockchain technology.

Antivirus Tales

Antivirus Tales

Antivirus Tales offers a platform to resolve all types of antivirus-related issues. The platform also provide various blog articles and informative guides to fix antivirus software errors.