New Attacks on Palestine Linked to ‘Gaza Cybergang’

The Gaza Cybergang, an advanced persistent threat (APT) group linked to the Palestinian terrorist organization Hamas, apparently continues to target organizations in the Middle East, researchers at Check Point revealed last week.

The attacks observed by the security firm started with a spear-phishing email carrying a self-extracting archive that stored a Word document and a malicious executable. The emails purported to come from the Palestinian Political and National Guidance Commission and the documents contained copies of media reports from various Palestinian news websites.
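The delivery chain described above, a self-extracting archive that carries a decoy document beside an executable, is a pattern a mail gateway or sandbox can check for before the user ever opens the attachment. The following Python is an added example, not code from Check Point or SecurityWeek: it assumes a ZIP-based SFX (a PE stub with a ZIP archive appended, which Python's `zipfile` opens by locating the trailing central directory; the report does not state which archive format the attackers used) and flags any archive whose members mix document and executable extensions. The sample attachment bytes are constructed here, not taken from the campaign.

```python
import io
import zipfile
from dataclasses import dataclass, field

# Extension sets used to classify archive members (assumed, not from the report).
DOCUMENT_EXTS = {".doc", ".docx", ".rtf", ".pdf"}
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".dll", ".bat", ".cmd", ".vbs", ".js"}


@dataclass
class AttachmentVerdict:
    is_pe: bool = False              # attachment starts with the MZ DOS header
    has_zip_payload: bool = False    # a ZIP central directory was found in the bytes
    looks_like_sfx: bool = False     # PE stub with a ZIP appended, i.e. a self-extractor
    members: list = field(default_factory=list)
    decoy_plus_executable: bool = False   # document(s) and executable(s) side by side


def _ext(name: str) -> str:
    """Lower-cased extension of an archive member, ignoring directory parts."""
    base = name.rsplit("/", 1)[-1].lower()
    return base[base.rfind("."):] if "." in base else ""


def classify_attachment(data: bytes) -> AttachmentVerdict:
    """Inspect raw attachment bytes and report the decoy-plus-executable pattern."""
    v = AttachmentVerdict(is_pe=data[:2] == b"MZ")
    try:
        # zipfile tolerates leading non-ZIP data (the SFX stub) by searching
        # backwards for the end-of-central-directory record.
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            v.members = [i.filename for i in zf.infolist() if not i.is_dir()]
    except (zipfile.BadZipFile, ValueError):
        return v
    v.has_zip_payload = True
    v.looks_like_sfx = v.is_pe and v.has_zip_payload
    exts = {_ext(n) for n in v.members}
    v.decoy_plus_executable = bool(exts & DOCUMENT_EXTS) and bool(exts & EXECUTABLE_EXTS)
    return v


def _build_zip(entries: dict) -> bytes:
    """Helper to build an in-memory ZIP from {name: content} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed stand-in for an SFX stub: MZ magic plus filler, no real PE structure.
FAKE_PE_STUB = b"MZ" + b"\x00" * 62 + b"FAKE SFX STUB (constructed) " * 4

# Constructed sample mirroring the reported layout: decoy document + executable.
SAMPLE_SFX = FAKE_PE_STUB + _build_zip({
    "press_release.docx": b"decoy document bytes (constructed)",
    "update.exe": b"MZ placeholder executable bytes (constructed)",
})

# Constructed benign archive: documents only, no stub.
SAMPLE_BENIGN = _build_zip({"report.docx": b"ordinary document bytes (constructed)"})


if __name__ == "__main__":
    for label, blob in (("sfx", SAMPLE_SFX), ("benign", SAMPLE_BENIGN)):
        print(label, classify_attachment(blob))
```

In production this check would run on every archive-like attachment regardless of its claimed MIME type, since an SFX arrives as a plain executable; the `looks_like_sfx` and `decoy_plus_executable` flags are meant to feed a quarantine or alerting rule rather than to block on their own.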

While the targeted user is reading the document, malware is installed on their system. The malware, an upgraded variant of Micropsia, a tool previously linked to the Gaza Cybergang, is capable of taking screenshots, stealing documents, rebooting the system, obtaining information about the compromised device, and terminating itself.

These and other capabilities are provided by more than a dozen modules, each named after characters in the American TV show “The Big Bang Theory” and a popular Turkish TV series called “Resurrection: Ertugrul.” In a related malware sample, the modules are named after various BMW car models (e.g. BMW_x1, BMW_x8).

The main target of this campaign, which Check Point has dubbed “Big Bang,” appears to be the Palestinian Authority, the governing body of the emerging Palestinian autonomous regions of the West Bank and Gaza Strip.

Researchers believe the latest attacks started in March, and evidence suggests that they could be the work of the Gaza Cybergang, which has targeted the Palestinian Authority many times in past years.

“Although the group behind it seems to be focused on carefully selecting their victims, using a custom-made info-stealer for intelligence gathering operations, due to its very nature it is difficult to assert what the ultimate goal of this campaign is. Indeed, the next stages of the attack may even still be in the works, not yet deployed or only deployed to selected few victims,” Check Point researchers wrote in a blog post.

Also known as Gaza Hackers Team and Molerats, the threat actor has been active since at least 2012. Its targets include Israel, Egypt, Saudi Arabia, the UAE, Iraq, the United States, and some European countries.

The group has occasionally suspended activity after security firms exposed its operations, but it has continued improving tools and techniques and expanding its list of targets.

One of the most recent reports on Gaza Cybergang was published in October 2017 by Kaspersky Lab. The security firm reported at the time that the group had been targeting organizations in the Middle East and North Africa (MENA) region, including an oil and gas company from which the hackers stole information for more than a year.

Cisco Talos also published a report on Gaza Cybergang last year, detailing attacks aimed at Palestinian law enforcement.

Related: Israel Accuses Hamas of Targeting Soldiers With World Cup App

Related: Cyberspies Target Middle East With Windows, Android Malware

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
