Hamas Hackers Use New Malware

Uploaded on 2020-02-24 in TECHNOLOGY--Hackers, INTELLIGENCE--International, FREE TO VIEW

A series of Hamas-orchestrated cyber-attacks targeting Palestinian Authority officials has been identified  by the experts at CybereasonThe Hamas hacking unit, is a well orgnaised cell that has acted against various targets across the Middle East has been identifies using new malware in a campaign against the UN - recognised Palestinian Authority. The method uses phishing emails on enticing topics, typically ranging from the US killing of Iranian general Qassem Soleimani to the Trump administration’s, Middle East, peace proposal.

Once the targets are identified, the Hamas unit would hack into the victims' mobile phones, gaining access to their microphones and cameras as well as files and information stored on the devices. Cyberreason researchers say that spyware is deployed with extremely advanced technology, previously only available in Russia, China, the US and Israel.

The attacks were carried out in a similar way to previous attacks the unit committed against Israeli strategic assets. This hacking unit is a politically-motivated cell that has acted against various targets across the Middle East since 2012. The hackers most recently weeks attempted to breach carefully selected targets associated with the Palestinian Authority government.  Many of the malware samples analysed appear to have targeted Fatah, the ruling party in the West Bank and a longtime rival of Hamas.

It is unclear how the group was using the information it gathered on Fatah, but it’s just the latest example of geopolitical rivalries taking on a cyber dimension.

Cybereason reseaerchers think that the Hamas have  grown more sophisticated, developing some of their own tools and acquiring others in the process. Theere is also  larger group of  of hackers known as the Gaza Cybergang that some security companies have linked with Hamas. The Cybergang consists of multiple subgroups that have overlapping tools and targets, complicating analysts’ efforts to distinguish the hacking campaigns and definitively trace them to their source.

The attackers are using new malicious code, commonly referred to as backdoors, that allow them persistent access to their targets. The remote access Trojan has Ukrainian language embedded in it, raising the possibility that the Arabic-speaking group acquired the tool on an underground forum.

The Gaza Cybergang has been exploiting current events for years to break into computer networks in Israel and the Palestinian territories, at one point even posing as a spokesperson for the Israel Defense Forces. Given how effective the tactic has been, the group has every reason to keep doing so.

In the latest activity, the hacking group uses PDF file purporting to be a report from a popular Egyptian newspaper mentioning the leader of Hamas attending Soleimani’s funeral. Once opened, the PDF eventually drops its malicious code in two different places on the victim’s operating system. The code doesn’t run unless Arabic language keyboard settings are found on the machine.

CyberScoop:       Jerusalem Post:        Israel Hayom:        YNet news

You Might Also Read:

The New Wave Of Attack Vectors:

 

 

« The Cyber Security Workforce Must Grow 145%
Organisations Are Adopting AI For Cyber Security »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Grid32

Grid32

Grid32 provides independent computer system and physical security audit services to government and corporate clients of all sizes.

Cleo

Cleo

Cleo is a leader in secure information integration, enabling both ease and excellence in business data movement and orchestration.

Andrisoft

Andrisoft

Andrisoft develops WANGUARD, an anti-DDoS Software solution that monitors IP traffic using packet-based and flow-based Sensors, and protects networks

SecureWorks

SecureWorks

SecureWorks provides intelligence-driven security solutions for organizations to prevent, detect, rapidly respond and predict cyberattacks.

Conduent

Conduent

Conduent delivers mission-critical technology services and solutions on behalf of businesses and governments. Solution areas include digital risk and compliance.

Secura B.V.

Secura B.V.

Secura is an independent specialized cybersecurity expert, providing insights to protect valuable assets and data.

Nucleon Security

Nucleon Security

Nucleon Endpoint Detection and Response EDR is the most effective way to protect the value created by your organization against any threat.

CAPSLOCK

CAPSLOCK

CAPSLOCK delivers career-changing cyber training to help adults re-skill. Learn online to become a cyber security professional and pay no tuition until you land a high-paying job.

CYOSS

CYOSS

CYOSS, an ESG Group company, is a specialist in Cyber Security and Data Analytics. We focus on the opportunities of a networked world and make security risks manageable.

Digital Pathways

Digital Pathways

Digital Pathways is an award-winning data security provider that helps businesses protect their digital assets.

Kyndryl

Kyndryl

Kyndryl has a comprehensive portfolio that leverages hybrid cloud solutions, business resiliency, and network services to help optimize your IT workloads and transformations.

Nomios

Nomios

Nomios develops innovative solutions for your security and network challenges. We design, secure and manage your digital infrastructure.

Focus on Security

Focus on Security

Focus on Security are Cyber Security recruitment specialists. We’re dedicated to connecting you with the top Cyber Security talent across the globe. We focus on partnerships and results.

Nuance Communications

Nuance Communications

From revolutionizing the doctor-patient relationship to reinventing the way brands connect with their customers, Nuance technology helps organizations push the boundaries of what’s possible.

Tychon

Tychon

Tychon develops advanced enterprise endpoint management technology that enables commercial and government organizations to bridge the gap between security and IT operations.

Fivecast

Fivecast

Fivecast is enabling a safer world. We help organizations around the world explore masses of data to uncover actionable insights.