האקר
Illustrative
Photos: AFP/Reuters/Shutterstock
Illustrative

Hamas hackers targeting Arabic speakers, Israeli security firm says

Victims sent fake messages about burning issues in Mideast to entice them to click on malicious files; believed to be effort by terror group to understand mood in region as Israel begins to normalize ties with more Arab states

Yuval Mann |
Published: 12.09.20 , 15:11
A group of hackers believed to be acting as Hamas' cyber wing has recently carried out attacks against Arabic-speaking targets in the Palestinian Authority, United Arab Emirates, Egypt and Turkey, Israeli information security company Cyberizen said Wednesday.
  • Follow Ynetnews on Facebook and Twitter

  • The hackers sent victims fictitious messages claiming to have information about burning issues in the Middle East in order to entice users to click on malicious files.
    האקרהאקר
    Illustrative
    (Photos: AFP/Reuters/Shutterstock)
    Cyberizen's research group, Nocturnus, has discovered that in recent months the hacker group - dubbed the MoleRATs and the Gaza Cybergang - has been using new tools against targets in the Middle East.
    The attacks are likely triggered by the warming relations between Israel and Muslim countries in the region, and Cyberizen believes that the hackers' intended to steal information from government officials about developments in this area.
    Some of the announcements dealt with Netanyahu's brief visit to Saudi Arabia, during which he met with Crown Prince Mohammed bin Salman.
    הודעה על פגישת נתניהו וסלמאןהודעה על פגישת נתניהו וסלמאן
    A message containing malware claims to have information about PM Netanyahu's visit to Saudi Arabia
    (Photo: Cyberizen)
    Other messages claimed to deal with internal Palestinian issues such as the internal elections in Hamas and preparations by the Popular Front for the Liberation of Palestine for its 53rd anniversary.
    Investigators were surprised to discover that Hamas did not hesitate to take advantage of legitimate platforms, with one victim even receiving malware through posts from fictitious Facebook accounts.
    Two of the victims saved the malicious files in their Dropbox and Google Drive accounts and as a result gave the hackers access to the data stored there.
    Palestinians carry placards during a protest in Rafah in the southern Gaza Strip, on September 12, 2020, to condemn the normalisation of ties between Israeli and BahrainPalestinians carry placards during a protest in Rafah in the southern Gaza Strip, on September 12, 2020, to condemn the normalisation of ties between Israeli and Bahrain
    Palestinians protest in Gaza against normalization between Israel and Bahrain, Sept. 2020
    (Photo: AFP)
    Cyberizen believes that Hamas is using the cyber attacks to try to understand the mood in the Arab world as Israel enjoys new rapprochement with Middle Eastern countries such as the United Arab Emirates, Bahrain and Saudi Arabia.
    The new malware, which is apparently self-produced, signifies a step up in terms of the group's cyber capabilities.
    For example, since the targets of the attack are Arabic-speakers, the malware is only activated if it recognizes that the targeted computer has an Arabic keyboard installed.

    Talkbacks for this article 0