
Hamas-linked cyber-spies 'target high-ranking Israelis'
2022-04-06 20:24

A prolific Middle East team with links to Hamas is said to be using malware and infrastructure to target high-ranking Israeli officials and steal sensitive data from Windows and Android devices.

The advanced persistent threat group - known by some as APT-C-23, Arid Viper, Desert Falcon, and FrozenCell, among other names - set up an elaborate cyberespionage campaign, spending months rolling out fake Facebook accounts to target specific potential Israeli victims, according to Cybereason's Nocturnus threat intelligence team.

"All three malware [samples] in use were also specifically designed to be used against Israeli targets, and were not observed being used against other targets. This 'tight grip' on their targets attests to how important and sensitive this campaign was for the threat actors," Nocturnus stated.

After gaining the trust of the victim, the operative suggests they move the conversation to WhatsApp - and gets the target's cellphone number in the process - and then often uses sexually themed content to convince the victim to engage with an even more discreet means of communication, such as a designed Android messaging app that contains the VolatileVenom malware.

Once they click on the video, malware is installed on the Windows system in the background while the target is distracted by the video, the researchers wrote.

The malware continues running in the background, locating and gathering data before sending it to the C2. "This campaign shows a considerable step-up in APT-C-23 capabilities, with upgraded stealth, more sophisticated malware, and perfection of their social engineering techniques which involve offensive HUMINT capabilities using a very active and well-groomed network of fake Facebook accounts that have been proven quite effective for the group," the researchers wrote.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/04/06/apt-israeli-officials/