Security News
The Hamas-backed hacking group tracked as 'APT-C-23' was found catfishing Israeli officials working in defense, law, enforcement, and government agencies, ultimately leading to the deployment of new malware. According to analysts at Cybereason, who named this new campaign 'Operation Bearded Barbie,' APT-C-23 is also deploying new custom backdoors for Windows and Android devices geared towards espionage.
A threat actor with affiliations to the cyber warfare division of Hamas has been linked to an "Elaborate campaign" targeting high-profile Israeli individuals employed in sensitive defense, law enforcement, and emergency services organizations. "The campaign operators use sophisticated social engineering techniques, ultimately aimed to deliver previously undocumented backdoors for Windows and Android devices," cybersecurity company Cybereason said in a Wednesday report.
A prolific Middle East team with links to Hamas is said to be using malware and infrastructure to target high-ranking Israeli officials and steal sensitive data from Windows and Android devices. The advanced persistent threat group - known by some as APT-C-23, Arid Viper, Desert Falcon, and FrozenCell, among other names - set up an elaborate cyberespionage campaign, spending months rolling out fake Facebook accounts to target specific potential Israeli victims, according to Cybereason's Nocturnus threat intelligence team.
In this video for Help Net Security, Yonit Wiseman, Associate at YL Ventures, talks about the Israeli cybersecurity funding landscape in the past year. The Israeli cybersecurity industry has seen a rapid growth in the last decade, as many companies have reached the global market.
Israel's Nation Cyber Directorate confirmed in a tweet on Monday that a denial-of-service attack against a telecommunications provider took down several government sites, as well as others not affiliated with the government. Internet tracker NetBlocks reported that the attacks were launched against Israeli telecom providers Bezeq and Cellcom.
A massive distributed denial-of-service attack forced Israeli officials Monday to temporarily take down several government websites and to declare a state of online emergency to assess the damage and begin investigating who was behind the incident. In a tweet, the Israel National Cyber Directorate said it had detected the DDoS attack against a communications provider and that several websites had been taken down, though all have since resumed normal activity.
A number of websites belonging to the Israeli government were felled in a distributed denial-of-service attack on Monday, rendering the portals inaccessible for a short period of time. "In the past few hours, a DDoS attack against a communications provider was identified," the Israel National Cyber Directorate said in a tweet.
The politically motivated Moses Staff hacker group has been observed using a custom multi-component toolset with the goal of carrying out espionage against its targets as part of a new campaign that exclusively singles out Israeli organizations. First publicly documented in late 2021, Moses Staff is believed to be sponsored by the Iranian government, with attacks reported against entities in Israel, Italy, India, Germany, Chile, Turkey, the U.A.E., and the U.S. Earlier this month, the hacker collective was observed incorporating a previously undocumented remote access trojan called "StrifeWater" that masquerades as the Windows Calculator app to evade detection.
ForcedEntry - the exploit of a zero-click iMessage zero day that circumvented Apple's then-brand-new BlastDoor security feature starting a year ago - was picked apart not just by NSO Group with its Pegasus spyware but also by a newly uncovered, smaller smartphone-hacking toolmaker named QuaDream. Two sources also said that QuaDream and NSO Group came up with the iPhone exploit techniques on their own, separately - as opposed to collaborating.
A now-patched security vulnerability in Apple iOS that was previously found to be exploited by Israeli company NSO Group was also separately weaponized by a different surveillance vendor named QuaDream to hack into the company's devices. The zero-click exploit in question is FORCEDENTRY, a flaw in iMessage that could be leveraged to circumvent iOS security protections and install spyware that allowed attackers to scoop up a wealth of information such as contacts, emails, files, messages, and photos, as well as access to the phone's camera and microphone.