Palestinian Authorities Under Cyber Attack

A cyber-espionage group known as the Gaza Cybergang, which targeted Palestinian law enforcement last year, is back in action, this time targeting Palestinian government officials.

These recent attacks started in March 2018, according to evidence surfaced by Israel-based cybersecurity firm Check Point. The new attacks match the modus operandi of a group detailed in two reports from Cisco Talos and Palo Alto Networks last year.

The APT with a Hollywood obsession returns

Those reports detailed a spear-phishing campaign aimed at Palestinian law enforcement. The malicious emails tried to infect victims with the Micropsia infostealer, a Delphi-based malware whose code contained many strings referencing characters from the TV shows The Big Bang Theory and Game of Thrones.

Now the same group appears to be back, and the only thing it has changed is the malware, which is now written in C++. The TV show references are still there, this time with mentions of The Big Bang Theory but also of a Turkish TV series named "Resurrection: Ertugrul."

Just like Micropsia, this new malware is also a powerful backdoor that can be extended with second-stage modules at any time.

According to Check Point, the group uses this new and improved backdoor to infect a victim, gather a fingerprint of the workstation, collect the names of .doc, .odt, .xls, .ppt, and .pdf documents, and send this list to the attacker's server.

Experts believe the cyber-espionage group analyses this list in search of sensitive files it could steal. When the attackers find a "valuable" host, other modules are downloaded to perform further tasks.

Researchers believe this new malware supports 13 modules, based on the structure of its configuration file. The research team says it was able to recover only five modules and has yet to determine the purpose of the others.

Group now targets members of the Palestinian government

Check Point says that this year, the group appears to be targeting members of the Palestinian National Authority, which is Palestine's interim self-government body.

The spear-phishing emails are themed as monthly press reports purporting to come from the Palestinian Political and National Guidance Commission, and are sent to individuals connected with the Palestinian National Authority.

"Unlike in 2017, this time the malicious attachment is an executable which is actually a self-extracting archive, containing a decoy document and the malware itself," researchers said.

The self-extracting archive uses a Word-like icon to trick users into running the file and infecting themselves with malware.
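The lure described above, an executable that carries an archive plus a decoy document while posing as an Office file, leaves byte-level traces a mail gateway can check before any icon is ever rendered: the attachment starts with an MZ/PE header, an archive signature sits after the executable image (the overlay an SFX stub unpacks), and the file name often pairs a document extension with an executable one. The following triage script is an added example written for this article; it is not code from Bleeping Computer, Check Point, or the reports cited, and the attachment bytes it inspects are constructed stand-ins, not samples from the campaign. The document-extension list extends the one the article gives with the OOXML variants.

```python
import struct

# Well-known archive signatures an SFX stub carries after its PE image
# (RAR 4.x, RAR 5.x, 7-Zip, ZIP local file header). Constructed lookup table.
ARCHIVE_MAGICS = {
    "rar4": b"Rar!\x1a\x07\x00",
    "rar5": b"Rar!\x1a\x07\x01\x00",
    "7z": b"7z\xbc\xaf\x27\x1c",
    "zip": b"PK\x03\x04",
}

# Document types the article says the backdoor enumerates, plus their OOXML cousins.
DOCUMENT_EXTS = {".doc", ".docx", ".odt", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf"}
EXEC_EXTS = {"exe", "scr", "com", "pif"}


def is_pe(data: bytes) -> bool:
    """True if data has an MZ DOS header whose e_lfanew points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def embedded_archives(data: bytes, start: int = 0x40) -> list:
    """Return the names of archive magics found after the DOS header.

    An SFX stub is an ordinary PE with the archive appended as an overlay, so
    the archive signature shows up somewhere after the executable image.
    """
    return [name for name, magic in ARCHIVE_MAGICS.items() if data.find(magic, start) != -1]


def document_lookalike(filename: str) -> bool:
    """A name such as 'report.doc.exe' pairs a document extension with an executable one."""
    parts = filename.lower().rsplit(".", 2)
    return len(parts) == 3 and "." + parts[1] in DOCUMENT_EXTS and parts[2] in EXEC_EXTS


def triage(filename: str, data: bytes) -> dict:
    """Classify an attachment as allow / review / block, with the reasons that fired."""
    reasons = []
    pe = is_pe(data)
    ext = "." + filename.lower().rsplit(".", 1)[-1] if "." in filename else ""
    if pe:
        reasons.append("PE executable content")
        archives = embedded_archives(data)
        if archives:
            reasons.append("self-extracting archive payload: " + ", ".join(archives))
        if ext in DOCUMENT_EXTS:
            reasons.append("document extension on executable content")
    if document_lookalike(filename):
        reasons.append("double extension imitating a document")
    if pe and len(reasons) > 1:
        verdict = "block"      # executable that is also disguised or carries an archive
    elif pe:
        verdict = "review"     # plain executable: a policy decision, not automatic
    else:
        verdict = "allow"
    return {"verdict": verdict, "reasons": reasons}


def build_fake_sfx() -> bytes:
    """Constructed stand-in for an SFX dropper: minimal MZ/PE header plus a RAR5 overlay."""
    dos_header = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    pe_stub = b"PE\x00\x00" + b"\x00" * 32                          # truncated PE header
    overlay = ARCHIVE_MAGICS["rar5"] + b"<decoy document and payload would follow here>"
    return dos_header + pe_stub + overlay


def build_plain_pe() -> bytes:
    """Constructed minimal PE with no archive overlay."""
    return b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 32


if __name__ == "__main__":
    for name, blob in [
        ("Monthly_Press_Report.doc.exe", build_fake_sfx()),
        ("report.pdf", b"%PDF-1.4\n%constructed sample\n"),
        ("setup.exe", build_plain_pe()),
    ]:
        print(name, triage(name, blob))
```

The checks are deliberately content-first: a document extension or a double extension only raises the verdict when the bytes are also a PE, so a genuine PDF named oddly is not blocked. Reading the icon the user sees would require walking the PE resource directory for RT_ICON entries, which this example does not do; the overlay and header checks catch the SFX shape regardless of which icon the stub was given.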

Group behind attacks linked to Hamas

Check Point believes the advanced persistent threat (APT) behind these attacks is the group named the Gaza Cybergang. This group also goes by the names Gaza Hackers Team and Molerats, and in 2016 cyber-security firm ClearSky linked this APT to Hamas, the Palestinian Sunni-Islamist fundamentalist organisation, a terrorist organisation that is, to some degree, at odds with both Israel and the local government.

The Gaza Cybergang appears to have been very busy this spring: Israel recently accused Hamas of trying to lure soldiers into installing malware-infected applications on their phones.

Bleeping Computer
