A series of cyber attacks, apparently originating in the Gaza Strip and targeting senior officials of the Palestinian Authority, was revealed Thursday by an Israeli cybersecurity company.
According to Cybereason, spyware was inserted into phones in order to surveil the officials' movements, retrieve sensitive files from the smartphones and monitor conversations.
The attack deployed an advanced tool known as "Pierogi," which was embedded into the phones through simple methods such as phishing or posts on social media.
The hackers enticed their victims to click on social media posts with content relevant to the region: U.S. President Donald Trump's peace plan, coverage of the assassination of Iranian General Qassem Soleimani, the inter-Palestinian conflict between Hamas and Fatah as well as the Israeli-Palestinian issue.
The company's Nocturnus Research Team found clear evidence implicating a group of Gaza-based hackers called MoleRATs, also known as "The Gaza Cybergang," which has been active since 2012. The group is affiliated with Hamas and supported by Iranian cyber units.
Although similar methods were used in cyber attacks on PA officials before, the latest effort reveals the use of more elaborate and sophisticated offensive capabilities and improved malware. For instance, the attack targeted phones where Arabic was the primary language, and if the same malware were to be installed on English- or Hebrew-speaking devices, it would not work.
The PA had in the past hacked the phones of the Hamas leadership both in Gaza and abroad, and both Palestinian factions have released embarrassing recordings and information meant to harm their adversaries.
Still, it is not inconceivable that there were more advanced cyber elements behind the attack, who wanted to understand the situation within the Palestinian leadership and were simply hiding behind a Hamas-affiliated cover.
Such advanced capabilities could be found at the disposal of state actors such as Russia, China, the U.S. and Israel.
Cybereason did not attempt to name anyone behind the attack and simply indicated that the methods used characterize the manner in which Gaza's "cybergang" operates.
"We specifically emphasized that there are many groups that are active in the Mideast and this attack could have come from Iranians or Egyptians," said a Cybereason official, "the data supports the idea that the Gaza-based group, or someone who is very good at impersonating it, is behind the attack."
The official added that Cybereason was concerned similar attacks could also target Israeli leadership. "We keep the National Cyber Security Authority aware of our findings."
Last May, an Israeli Air Force strike destroyed a building described as Hamas's "offensive cyberinfrastructure" meant to target Israel. Defense sources claimed the terror group's cyber capabilities were fatally compromised in that attack.
One official claimed Hamas was unsuccessful in establishing its cyber capabilities in the Strip. "All of the Hamas attempted offenses against Israeli cyberspace were detected and foiled before being carried out."