A study by the Israeli cybersecurity company Security Joes has found a new type of wiper malware in Israel that can erase computer systems and render them inoperable. It is believed to be used by Hamas terrorists or by other hackers affiliated with or working for the terrorist organization.
The malware was discovered in several Israeli corporate networks, causing significant damage wherever it was deployed. Named BiBi-Linux wiper, the malware can erase and corrupt crucial files in Linux operating systems. Additionally, the word BiBi (a reference to Prime Minister Benjamin Netanyahu’s nickname) is coded within the malware itself.
The hackers may have attempted to send a message through this malware, though it is unclear whether it is merely an attempt to mislead or to cover the malware's tracks.
The malware’s characteristics resemble advanced cyberweapons previously developed by other states. A notable example is Shamoon, a malware that was used by Iranian hackers to attack computer systems in the Middle East.
Shamoon was reportedly based on cyberweapons that were used to target Iranian entities almost a decade ago, allegedly developed by Israel and the United States, according to foreign reports. It's unclear if the current malware is a version of an existing cyberweapon or an original development, and its source remains unknown.
The development of such malware requires advanced capabilities, which are typically not found in activist groups or even cyber teams of terrorist organizations. "We identified this malware in a group of Hamas sympathizers. Hamas could have the capabilities to develop such malware, but at the moment, we’re still investigating the group's capabilities," according to Security Joes CEO Ido Naor.
The malware was discovered after the company, as part of its volunteer efforts during the war in Gaza, was called upon to assist Israeli companies that had been attacked.
Countries currently possessing cyber weapons of this caliber include Iran, China, North Korea and, likely, Russia. These countries’ cyber activity has posed significant challenges in recent years.
China focuses on its espionage efforts, North Korea, because of its struggling economy, attempts to blackmail victims with the help of ransomware, and Russia concentrates on propaganda and disinformation. Iran is the only one among these four countries that has mainly used this type of malware in destructive attacks.
The use of such malware demonstrates an escalation in the capabilities of Hamas supporters who are involved in cyber warfare. The terrorist organization is no longer limited to website defacement, email breaches, or data theft as it was in the past. Instead, it presents dangerous capabilities that can cause significant damage to any organization targeted by such malware.
Security Joes has shared the malware’s indicators (identifiers used for locating the malware in organizational security systems) with the National Cyber Security Authority, with a recommendation to update cyber security measures in Israeli companies and institutes to counteract this malware.