Tag Archive for: IsraelHamas

Russia-Ukraine and Israel-Hamas Wars Reveal All [Cyber] Conflicts Are Global


During an impassioned public plea in October, President Joe Biden linked the Gaza and Ukraine conflicts, saying each is “vital for America’s national security.” The subsequent funding bill also linked the two and quickly became political, with debates about the connection raging. 

However, while debates continue, cyberspace reflects the two conflicts being intimately linked to broader geopolitical alliances. It also serves as proof of the blurring lines between traditional hacktivism as an ideologically motivated activity and organized nation-state actor attacks. 

Cyber War’s Reach

The wide-reaching effects of cyber war mean that even civilians of countries not directly involved in a war might be impacted.

For instance, in 2020, Israel faced a significant cyber threat targeting critical water infrastructure. For the US, this threat became a reality in 2023. The Iranian CyberAv3ngers group exploited vulnerabilities in US industrial control systems, revealing significant cybersecurity weaknesses in American water utilities.

The nature of modern cyber warfare adds a global aspect to nearly every conflict. Nations must tackle the issue with universally coordinated and revamped tactics able to combat sophisticated nation-states in a truly global digital battlefield.

The Blurring of Lines

The trend of cybercriminals declaring allegiances to nation-states and actively participating in geopolitical conflicts comes as the distinction between hacktivists, cybercriminals, and nation-state actors continues to erode.

Hacktivist groups, such as SiegedSec, have been acting against the West by declaring allegiances to Russia and targeting Israel’s government infrastructure and Shufersal, the country’s largest supermarket chain.

The increasingly complex web of alliances and motives in the cyber realm means that nation-state actors, traditionally associated with espionage, are now engaging in economic crimes. North Korean state actors are this trend’s epitome, being responsible for a quarter of all global cryptocurrency thefts.

Meanwhile, Chinese state actors have gone to unprecedented lengths to conduct economic espionage and intellectual property theft. These actors routinely…


Israel-Hamas War Spotlight: Shaking the Rust Off SysJoker


Key Findings

  • Check Point Research is actively tracking the evolution of SysJoker, a previously publicly unattributed multi-platform backdoor, which we assess was utilized by a Hamas-affiliated APT to target Israel.
  • Among the most prominent changes is the shift to Rust language, which indicates the malware code was entirely rewritten, while still maintaining similar functionalities. In addition, the threat actor moved to using OneDrive instead of Google Drive to store dynamic C2 (command and control server) URLs.
  • Analysis of newly discovered variants of SysJoker revealed ties to previously undisclosed samples of Operation Electric Powder, a set of targeted attacks against Israeli organizations between 2016-2017 that were loosely linked to the threat actor known as Gaza Cybergang.

Introduction

Amid tensions in the ongoing Israel-Hamas war, Check Point Research has been conducting active threat hunting in an effort to discover, attribute, and mitigate relevant regional threats. Among those, some new variants of the SysJoker malware, including one coded in Rust, recently caught our attention. Our assessment is that these were used in targeted attacks by a Hamas-related threat actor.

SysJoker, initially discovered by Intezer in 2021, is a multi-platform backdoor with multiple variants for Windows, Linux and Mac. The same malware was also analyzed in another report a few months after the original publication. Since then, SysJoker Windows variants have evolved enough to stay under the radar.

As we investigated the newer variants of SysJoker that were utilized in targeted attacks in 2023, we also discovered a variant written in Rust, which suggests the malware code was completely rewritten. In addition, we also uncovered behavioral similarities with another campaign named Operation Electric Powder which targeted Israel in 2016-2017. This campaign was previously linked to Gaza Cybergang (aka Molerats), a threat actor operating in conjunction with Palestinian interests.

In this article, we drill down into the Rust version of SysJoker, as well as disclose additional information on other SysJoker Windows variants and their attribution.

Rust SysJoker…


‘Hacktivists’ join the front lines in Israel-Hamas war


WASHINGTON and JERUSALEM — When Hamas sprung its deadly assault on Israel in early October, its militants came from land, air and sea.

The Palestinian group launched rockets at populous areas, deployed drones to destroy observation posts, used motorized gliders to float fighters over fortified borders and dispatched speedboats into defended waters. The effects were instantly tangible, with many Israelis killed, abducted or displaced. Infrastructure, including hardened military installations, was damaged.

Less apparent were the virtual campaigns waged before, during and after the opening salvos, though not necessarily by Hamas itself. Hackers supporting its cause hijacked billboards and flooded phones with threatening texts. Grisly videos quickly circulated online, and social media platforms such as X, formerly Twitter, were saturated with front-line footage, some of it fake.

The online efforts serve many purposes, experts told C4ISRNET, including influencing public opinion, softening resistance and hampering the emergency response.

Cyberattacks “are increasing daily, with hundreds of attacks we’ve monitored so far,” said Gil Messing, the chief of staff at Check Point Software Technologies, a cybersecurity company with roots in Tel Aviv. “Our data shows an 18% increase in attacks on Israeli targets since the beginning of the war, and we expect it to continue.”

Hack-tivity

Outside groups with vested interests in the Israel-Hamas fight are dominating the cyber battlefield.

Operations include defacing popular websites and flooding networks with artificial traffic, rendering them unable to function. This tactic is known as a distributed denial-of-service, or DDoS, attack. Similar moves were seen in the opening days of the Russia-Ukraine war.

“Cyberattacks happened all along, before the [Hamas attack] and after,” said Messing, whose team monitors dozens of third-party groups around the world.

“Hacktivists play a critical role here and actually carry out the vast majority of attacks,” Messing added, using a term for hackers motivated by political or social movements.

Cloudflare, an American company that provides cybersecurity and network services, said media sites were…


Hackers Join In on Israel-Hamas War With Disruptive Cyberattacks 


Several hacker groups have joined in on the Israel-Hamas conflict escalation that started over the weekend after the Palestinian militant group launched a major attack.

Hamas launched an unprecedented attack on Israel out of Gaza, firing thousands of rockets and sending its fighters to the southern part of the country. In response, Israel declared war on Hamas and started to retaliate. Hundreds have been killed and thousands have been wounded on both sides as a result of the conflict escalation. 

In addition to the state-sponsored actors that have likely ramped up their cyber efforts behind the scenes, known hacktivist groups supporting both sides have intensified their cyberattacks. 

According to a timeline created by cybersecurity consultant and OSINT enthusiast Julian Botham, the first hacktivist attacks were launched against Israel by Anonymous Sudan less than one hour after the first rockets were fired by Hamas. The group targeted emergency warning systems, claiming to have taken down alerting applications in Israel.

The Jerusalem Post, the largest English-language daily newspaper in Israel, was also targeted by Anonymous Sudan. 

A pro-Hamas group called Cyber Av3ngers targeted the Israel Independent System Operator (Noga), a power grid organization, claiming to have compromised its network and shut down its website. The group also targeted the Israel Electric Corporation, the largest supplier of electrical power in Israel and the Palestinian territories, as well as a power plant. 

The notorious pro-Russian group Killnet has launched attacks against Israeli government websites.


A Palestinian hacker gang named Ghosts of Palestine has invited hackers from around the world to attack private and public infrastructure in Israel and the United States. A group called Libyan Ghosts has started defacing small Israeli websites in support of Hamas.  

In most cases, these hacktivists have used distributed denial-of-service (DDoS) attacks to cause disruption. Some of them claimed to have caused significant disruption to their targets, but it’s not uncommon for hacktivists to exaggerate their claims. For instance, claims by Iran-linked…
