Hamas Hackers Use New Malware

Uploaded on 2020-02-24 in TECHNOLOGY--Hackers, INTELLIGENCE--International, FREE TO VIEW

A series of Hamas-orchestrated cyber-attacks targeting Palestinian Authority officials has been identified  by the experts at CybereasonThe Hamas hacking unit, is a well orgnaised cell that has acted against various targets across the Middle East has been identifies using new malware in a campaign against the UN - recognised Palestinian Authority. The method uses phishing emails on enticing topics, typically ranging from the US killing of Iranian general Qassem Soleimani to the Trump administration’s, Middle East, peace proposal.

Once the targets are identified, the Hamas unit would hack into the victims' mobile phones, gaining access to their microphones and cameras as well as files and information stored on the devices. Cyberreason researchers say that spyware is deployed with extremely advanced technology, previously only available in Russia, China, the US and Israel.

The attacks were carried out in a similar way to previous attacks the unit committed against Israeli strategic assets. This hacking unit is a politically-motivated cell that has acted against various targets across the Middle East since 2012. The hackers most recently weeks attempted to breach carefully selected targets associated with the Palestinian Authority government.  Many of the malware samples analysed appear to have targeted Fatah, the ruling party in the West Bank and a longtime rival of Hamas.

It is unclear how the group was using the information it gathered on Fatah, but it’s just the latest example of geopolitical rivalries taking on a cyber dimension.

Cybereason reseaerchers think that the Hamas have  grown more sophisticated, developing some of their own tools and acquiring others in the process. Theere is also  larger group of  of hackers known as the Gaza Cybergang that some security companies have linked with Hamas. The Cybergang consists of multiple subgroups that have overlapping tools and targets, complicating analysts’ efforts to distinguish the hacking campaigns and definitively trace them to their source.

The attackers are using new malicious code, commonly referred to as backdoors, that allow them persistent access to their targets. The remote access Trojan has Ukrainian language embedded in it, raising the possibility that the Arabic-speaking group acquired the tool on an underground forum.

The Gaza Cybergang has been exploiting current events for years to break into computer networks in Israel and the Palestinian territories, at one point even posing as a spokesperson for the Israel Defense Forces. Given how effective the tactic has been, the group has every reason to keep doing so.

In the latest activity, the hacking group uses PDF file purporting to be a report from a popular Egyptian newspaper mentioning the leader of Hamas attending Soleimani’s funeral. Once opened, the PDF eventually drops its malicious code in two different places on the victim’s operating system. The code doesn’t run unless Arabic language keyboard settings are found on the machine.

CyberScoop:       Jerusalem Post:        Israel Hayom:        YNet news

You Might Also Read:

The New Wave Of Attack Vectors:

 

 

« The Cyber Security Workforce Must Grow 145%
Organisations Are Adopting AI For Cyber Security »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Cortado Mobile Solutions

Cortado Mobile Solutions

Cortado Mobile Solutions is the manufacturer of the mobile device management solution Cortado MDM.

National Cybersecurity Agency (ANCS) - Tunisia

National Cybersecurity Agency (ANCS) - Tunisia

ANCS (L'Agence Nationale de la Cybersécurité) is the national cybersecurity agency for Tunisia.

Beyond Security

Beyond Security

Beyond Security is a leader in automated vulnerability assessment and compliance solutions - enabling customers to accurately assess and manage security weaknesses in their networks and applications.

Ensign InfoSecurity

Ensign InfoSecurity

Ensign InfoSecurity is Southeast Asia’s largest pure-play cybersecurity firm.

A3Sec

A3Sec

A3Sec provides professional solutions in the areas of Cybersecurity, Device Monitoring, Business Intelligence and Big Data.

Montreal International

Montreal International

You’re an entrepreneur planning to launch a company in an innovative sector such as AI, cybersecurity, 'deeptech' or fintech? You’ve found the right place!

Seavus Accelerator

Seavus Accelerator

Seavus Accelerator's goal is to create an enabling and stimulating environment for start-ups growth and provide continuous high quality acceleration and investment support.

Hassans International Law Firm

Hassans International Law Firm

Hassans is the largest law firm in Gibraltar, providing a full range of legal services across corporate and commercial law including Data Protection and GDPR compliance.

IntelliGenesis

IntelliGenesis

IntelliGenesis provide comprehensive cyber, data science, analysis, and software development services that provide tailored, secure solutions for your critical data and intelligence needs.

Pentesec

Pentesec

Pentesec is a security specialist offering professional services, managed security services and expertise within an extensive range of security technologies.

Intuitive Research & Technology Corp

Intuitive Research & Technology Corp

Intuitive Research and Technology is an aerospace engineering and analysis firm providing services to the Department of Defense, government agencies, and commercial companies.

RiverSafe

RiverSafe

RiverSafe is a professional services provider specialising in Cyber Security, Data Operations and DevOps, putting security at the heart of everything we do.

AddSecure

AddSecure

AddSecure is a leading European provider of secure IoT connectivity and end-to-end solutions.

Enterprise Strategy Group

Enterprise Strategy Group

Enterprise Strategy Group, a division of TechTarget, is an IT analyst, research, validation, and strategy firm that provides market intelligence and actionable insight to the global IT community.

Merkle Science

Merkle Science

Merkle Science provides next generation risk mitigation, compliance and forensics for crypto-native businesses, DeFi participants, financial institutions & government agencies.

Chorology

Chorology

Chorology is a leading provider of intelligently automated, data compliance and posture enforcement solutions.