Si Cyber Intel: “Gaza Hackers Team” Launches Malicious Malware
Apr 2019

In 2018, the threat group “Gaza Hackers Team” launched operation “SneakyPastes”, in which it relies on services such as Pastebin and GitHub to host the malware used in certain stages of the infection chain. Monitored closely by Kaspersky Labs, the cybergang is thought to be a politically motivated threat actor that actively targets individuals and organisations with an interest in Palestinian issues.

Gaza Hackers Team has used SneakyPastes to send a number of politically themed phishing emails to government entities, media outlets, journalists, education, activists, healthcare, banking and political parties in the Palestinian territories.

Kaspersky Labs have discovered that operation SneakyPastes is associated with three operational groups, all on the same level in terms of sophistication, tools and techniques: Gaza cybergang 1, known as Molerats; Gaza cybergang 2, previously linked to Desert Falcons; and Gaza cybergang 3, whose previous activities went by the name of Operation Parliament.

The threat actors spread their attacks via phishing emails which carry the initial stage malware or a link that takes the victim to a paste site to download it. To hide their tracks, the threat actors use disposable email addresses and web domains for sending the infectious emails. Once the malware is executed, the final stage of the attack is a persistent RAT which busily collects spreadsheets and documents (PDF, DOCX, XLS and XLSX); these are compressed, encrypted and uploaded to the cybergang’s command-and-control (C2) server. The threat actors have also used free file sharing services to host malware and hide their infrastructure.
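As an added detection example (not from the original post), the script below correlates the two observable ends of the chain described above in proxy logs: a stage download from a paste or code-hosting site by a workstation, followed within a short window by a large archive upload from the same workstation to some other host. The log format, host names, window and size threshold are all assumptions; the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample proxy log (not real traffic). Assumed format:
# <ISO timestamp> <client> <method> <url> <bytes> <content-type>
SAMPLE_LOG = """\
2019-04-02T09:14:05 ws-17 GET https://pastebin.com/raw/AbCdEf12 2310 text/plain
2019-04-02T09:14:09 ws-17 GET https://raw.githubusercontent.com/u/r/master/s2.txt 48120 text/plain
2019-04-02T09:21:40 ws-17 POST https://update.dyndns-c2.invalid/up.php 884220 application/zip
2019-04-02T09:30:00 ws-03 GET https://pastebin.com/raw/ZzYyXx99 1500 text/plain
2019-04-02T10:05:00 ws-03 GET https://www.example.com/ 5000 text/html
2019-04-02T11:00:00 ws-08 POST https://share.example.com/upload 90000 application/zip
"""

# Hosts the post names as stage-hosting services, and archive MIME types
# that match the "compressed, encrypted and uploaded" exfiltration step.
PASTE_HOSTS = ("pastebin.com", "raw.githubusercontent.com")
ARCHIVE_TYPES = ("application/zip", "application/x-rar-compressed",
                 "application/x-7z-compressed", "application/octet-stream")
LINE_RE = re.compile(r"^(\S+) (\S+) (GET|POST) (\S+) (\d+) (\S+)$")


def parse(log_text):
    """Yield (time, client, method, url_host, nbytes, ctype); skip malformed lines."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, client, method, url, nbytes, ctype = m.groups()
        url_host = url.split("/")[2] if "//" in url else url
        yield datetime.fromisoformat(ts), client, method, url_host, int(nbytes), ctype


def find_sneakypastes_chains(log_text, window=timedelta(hours=1), min_upload=100_000):
    """Return {client: upload_host} for clients that fetched a payload from a
    paste site and then, within `window`, POSTed a large archive elsewhere."""
    fetches = defaultdict(list)   # client -> times of paste-site downloads
    flagged = {}
    for ts, client, method, url_host, nbytes, ctype in parse(log_text):
        if method == "GET" and url_host in PASTE_HOSTS:
            fetches[client].append(ts)
        elif method == "POST" and ctype in ARCHIVE_TYPES and nbytes >= min_upload:
            # Only flag when the upload follows a recent paste-site fetch
            if any(timedelta(0) <= (ts - t) <= window for t in fetches[client]):
                flagged[client] = url_host
    return flagged
```

A paste-site fetch alone (ws-03) or a large archive upload alone (ws-08) is not flagged; only the sequence is, which keeps the alert rate usable on real proxy logs.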

Researchers have identified more than 240 victims in 39 countries who have been targeted by the SneakyPastes campaign. They have also noted that the cybergang is continuing to adapt and evolve in the Middle East and North Africa regions, where it is able to access more advanced tools and experiment with more complex techniques and procedures which, it is believed, will be put to use in the near future.

Indicators of compromise:

The following indicators of compromise should be noted:

Organisations: Gaza Hackers Team


IP Addresses:

  • 45.63.97.44
  • 192.169.7.250
  • 185.117.72.190
  • 104.200.67.190

Attack Vectors:

  • Phishing
  • C&C Server


To find out how Si Cyber can help protect your organisation, please contact sales@siconsult.com
