Israeli gov & boffins targeted by pr0ntastic malware from Gaza
Second amateurish effort targets Egyptians too
Hackers from Gaza and Egypt appear to have teamed up in order to attack Israeli government, research, infrastructure and military networks.
Security researchers at Trend Micro have traced ongoing malware-based attacks against Israeli organisations back to Gaza.
Trend have uncovered two separate, but interconnected campaigns. The first, nicknamed Operation Arid Viper, is a highly-targeted attack on high-value Israeli targets. Customer malware is being slung using spear-phishing emails with an attachment containing malware disguised as a pornographic video.
The attached malware siphons off documents gathered from compromised machines in a sort of “smash-and-grab” attack. The first related malware sample was seen in the middle of 2013.
The second campaign, nicknamed Operation Advtravel, is a much less targeted attack with hundreds of victims in Egypt, whose infected systems appear to be personal laptops. The attackers involved with Operation Advtravel can be traced back to Egypt.
Both Operation Arid Viper and Operation Advtravel shared marked similarities. Both are hosted on the same servers in Germany and the domains for both operations have been registered by the same individuals.
While Arid Viper is a serious effort comparable to other APT-style attacks, Advtravel is an amateurish effort. Trend theorises that both are manifestations of cyber militia activity in the Arab world and that there “may be an overarching organisation or underground community that helps support Arab hackers fight back against perceived enemies of Islam”.
If Trend’s theory is correct then an unidentified umbrella organisation may be setting up infrastructures, suggesting targets and so on.
More details on the attacks, including technical details, can be found in Trend’s white paper, Operation Arid Viper – Bypassing the Iron Dome (PDF). ®