Palestinian Authorities Under Cyber Attack

Uploaded on 2018-07-31 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

A cyber-espionage group knows as the Gaza Cybergang that targeted Palestinian law enforcement last year is back in action, this time targeting Palestinian government officials.

These recent attacks started in March 2018, according to evidence surfaced by Israel-based cybersecurity firm Check Point. The new attacks seem to fit the same modus operandi of a group detailed in two reports from Cisco Talos and Palo Alto Networks last year.

The APT with a Hollywood obsession returns

Those reports detailed a spear-phishing campaign aimed at Palestinian law enforcement. The malicious emails tried to infect victims with the Micropsia infostealer, a Delphi-based malware that contained many strings referencing characters from the Big Bang Theory and Game Of Thrones TV shows.

Now, the same group appears to be back, and the only thing they've changed is the malware, which is now coded in C++. The TV shows references are still there, this time with mentions to the Big Bang Theory, but also a Turkish TV series named "Resurrection: Ertugrul."

Just like Micropsia, this new malware is also a powerful backdoor that can be extended with second-stage modules at any time.

According to Check Point, the group uses this new and improved backdoor to infect a victim, gather a fingerprint of his workstation, and then collect the names of .doc, .odt, .xls, .ppt, and .pdf documents and sending this list to the attacker's server.

Experts believe the cyber-espionage group analyses this list in search of sensitive files it could steal. When the attacker finds a "valuable" host, other modules are downloaded to perform other tasks.

Researchers believe this new malware supports 13 modules, based on the structure of its configuration file. The research team says it was able to recover only five modules, and have yet to determine the purpose of others.

Group now targets members of the Palestinian government

Check Point says that this year, the group appears to be targeting members of the Palestinian National Authority, which is Palestine's interim self-government body.

The theme of the spear-phishing emails is monthly press reports posing to come from the Palestinian Political and National Guidance Commission, sent to individuals connected with the Palestinian National Authority.

"Unlike in 2017, this time the malicious attachment is an executable which is actually a self-extracting archive, containing a decoy document and the malware itself," researchers said.

The self-extracting archive uses a Word-like icon to trick users into running the file and infecting themselves with malware.

Group behind attacks linked to Hamas

Check Point believes the advanced persistent threat (APT) behind these attacks is a group named the Gaza Cybergang. This group also goes under the names of Gaza Hackers Team or Molerats, and in 2016, cyber-security firm ClearSky linked this APT to Hamas, the Palestinian Sunni-Islamist fundamentalist organization, a terrorist organisation that's at odds with both Israel and the local government, to some degree.

The Gaza Cybergang appears to have been very busy this spring because recently Israel accused Hamas of trying to lure soldiers into installing malware-infected applications on their phones.

Bleeping Computer

You Might Also Read: 

Middle East: Cyberwar Heats Up:

Commando Bugs

 

« Artificial Intelligence & Threat Detection
Facebook & Fake News »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ANS Group

ANS Group

ANS are a strong team of straight-talking tech and business experts. Our mission is to make digital transformation accessible to all.

Firebrand

Firebrand

Firebrand is the leader in Accelerated Learning in the field of IT and project management.

ISACA Conferences

ISACA Conferences

ISACA is dedicated to offering the most dynamic and inclusive conferences to keep you abreast of the latest advances in IT and Information Security.

Falanx Cyber

Falanx Cyber

Falanx Cyber provides enterprise-class cyber security services and solutions. We deliver end-to-end cyber capabilities, either as specific engagements or as fully-managed services.

IABG

IABG

IABG offer independent, product-neutral consulting as well as technical and scientific services for the use of safety-relevant systems and technologies.

Cognni

Cognni

Cognni (formerly Shieldox) will make your InfoSec think like a human, right out of the box, so you can focus on the bigger picture, keeping the information flow safe.

Volexity

Volexity

Volexity is a leading provider of threat intelligence and incident suppression services and solutions.

Dale Peterson

Dale Peterson

Dale Peterson, a leading ICS security and control system IT information expert, provides consulting services to assess and improve the security of SCADA and DCS.

X-Ways Software Technology

X-Ways Software Technology

X-Ways provide software for computer forensics, electronic discovery, data recovery, low-level data processing, and IT security.

Sequoia Capital

Sequoia Capital

Sequoia Capital is a venture capital firm focused mainly on technology. We partner both with young companies finding their stride and established ones looking for growth.

AlertSec

AlertSec

AlertSec Ensure is a U.S. patented technology that allows you to educate, verify and enforce encryption compliance of third-party devices.

comforte AG

comforte AG

comforte AG is a leading provider of data-centric security technology. Organizations worldwide rely on our tokenization and format-preserving encryption capabilities to secure personal, sensitive data

Radiance Technologies

Radiance Technologies

Radiance solutions provide technological advantage and operational superiority for our nation in the areas of intelligence, cyber and advanced weapon systems.

IGI Cybersecurity

IGI Cybersecurity

IGI Cybersecurity delivers people-driven cybersecurity for personalized, resilient cyber defense focused on individualized strategy and unshakeable partnership.

Highen Fintech

Highen Fintech

Highen is a blockchain software development company with offices in the United States and development centers in India.

HanaByte

HanaByte

HanaByte is a security consultancy focused on delivering state of the art solutions in the cloud. We specialize in delivering cloud services with an emphasis on security.