Gaza Hackers Successfully Target Israel with ‘Porn Star Video’ Malware

Egypt and Gaza-based hackers seem to have united against the Israeli government, military network and research infrastructure since the traces of two ongoing malware attacks lead to Gaza- reveals Trend Micro report.

Trend Micro’s report didn’t specifically name the targeted or affected websites and Israel’s National Cyber Authority spokesperson states that the government hasn’t received any “substantial” damage from these attacks. However, Trend Micro did discuss how the hackers accomplished the task.

Related Post: Suspended Israeli soldier gets ‘60,000 Facebook likes’ for aiming at Palestinian teen

Internet pornography on a computer screen

“Picture the following reconstruction based on one attack: An employee in an Israeli government research facility receives and opens a highly targeted phishing email. A pornographic movie starts to play on his screen, which he hurriedly closes before any of his colleagues notice. He then thinks nothing more of the event. Minutes later, an attacker from somewhere in the Gaza Strip in Palestine gets notified that a new victim’s system has been successfully infected. The attacker then proceeds to exfiltrate a package containing all of the interesting documents from the newly infected system.”

Three individuals have been identified as part of the attack and all three are working in Tech firms in Gaza. These individuals are also either listed as the buyers of the German domains (from where the attacks originated) or are involved in subsequent attacks launched against Egyptian targets from Gaza.

The two Campaigns:

Two different yet interlinked campaigns have been identified by Trend Micro. First one has been nicknamed Operation Arid Viper, which is an advanced and high-level attack targeting Israel. This particular campaign involves spreading of malware through spear-phishing emails containing a pornographic video. The video is actually a malware which gathers data from compromised machines through what is known as a “smash-and-grab attack.”

The second campaign has been nicknamed Operation Advtravel. It is a low-level targeted attack affecting only a few hundred in Egypt. It mainly infects personal laptops. Traces of its attackers have been found in Egypt.

Stark similarities exist in both these campaigns. For instance, both are being hosted from the same German servers. Moreover, their domains have been registered in the names of same individuals.

In comparison to the conventional APT-style attacks, Arid Viper appears much effective and serious whereas Advtravel seems to be slightly amateurish.

Trend Micro theorized that both the campaigns have been manifested by military setup in the Arab world. It can also be said that:

“There may be an overarching organisation or underground community that helps support Arab hackers fight back against perceived enemies of Islam”.

In the light of this theory, it isn’t hard to comprehend that many such campaigns will be observed in future from this unidentified umbrella organization.

Why Hackers Succeeded?

The main reason behind the successful accomplishment of these attacks, as explained in the report, is that these weren’t launched from Gaza. A majority of Israel’s Internet service providers and government agencies have banned communications to and from Gaza to prevent these sorts of attacks. However, the fact that Germany is not on Israeli ISPs “ban list” helped the hackers greatly in conducting the attacks successfully.

Moreover, the use of pornography was perfect alibi and a touch of genius because porn usually takes users’ focus away from malicious activity and if it manages to target professionals at work, they would never reveal or report the incident. The victim’s inefficiency in reporting about the attack will allow the malware to remain undetected and this aids the hackers tremendously.

Total
0
Shares
Related Posts