Si Cyber Intel: “Gaza Hackers Team” Launches Malware Campaign
In 2018, the threat group “Gaza Hackers Team” launched operation “SneakyPastes”, in which they rely on services such as Pastebin and GitHub to host malware for certain stages of the infection chain. Monitored closely by Kaspersky Labs, the cybergang is thought to be a politically motivated threat actor that actively targets individuals and organisations with an interest in Palestinian issues.
Gaza Hackers Team has used SneakyPastes to send a number of politically themed phishing emails to government entities, media outlets, journalists, education, activists, healthcare, banking and political parties in the Palestinian territories.
Kaspersky Labs have found that operation SneakyPastes is associated with three operational groups, all on the same level in terms of sophistication, tools and techniques: Gaza cybergang 1, known as Molerats; Gaza cybergang 2, previously linked to Desert Falcons; and Gaza cybergang 3, whose earlier activities went by the name Operation Parliament.
The threat actors spread their attacks via phishing emails which carry the initial-stage malware or a link that takes the victim to a paste site to download it. To hide their tracks, the threat actors use disposable email addresses and web domains for sending the infectious emails. Once the malware is executed, the final stage of the attack is a persistent RAT which busily collects spreadsheets and documents (PDF, DOCX, XLS and XLSX); these are compressed, encrypted and uploaded to the cybergang’s command-and-control (C2) server. The threat actors have also used free file-sharing services to host malware and hide their infrastructure.
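As an added illustration, not part of the original article or of Kaspersky's report, the Python script below applies the staging pattern described above to constructed proxy log lines: it flags successful fetches of raw paste or raw GitHub content by clients whose user agent does not look like a browser, which is the kind of activity a paste-site download step would leave behind. The log format, the host list and the sample lines are all assumptions made for the example.

```python
import re
from urllib.parse import urlparse

# Constructed sample proxy log lines (not real telemetry).
# Format: timestamp client_ip method url status bytes "user-agent"
SAMPLE_LOG = """\
2018-04-02T09:12:01Z 10.0.0.21 GET https://pastebin.com/raw/AbCd1234 200 5120 "Mozilla/5.0 (Windows NT 10.0) Firefox/59.0"
2018-04-02T09:12:07Z 10.0.0.21 GET https://pastebin.com/raw/AbCd1234 200 5120 "WinHTTP Example/1.0"
2018-04-02T09:13:45Z 10.0.0.33 GET https://raw.githubusercontent.com/someuser/repo/master/stage2.txt 200 23000 "Microsoft BITS/7.8"
2018-04-02T09:14:10Z 10.0.0.33 GET https://github.com/someuser/repo 200 88000 "Mozilla/5.0 (Windows NT 10.0) Chrome/65.0"
2018-04-02T09:20:00Z 10.0.0.40 POST https://files.example.test/upload 200 1048576 "python-requests/2.18.4"
"""

LOG_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\d{3}) (\d+) "([^"]*)"$')

# Hosts that serve raw text; the campaign is described as staging payloads on
# paste and code-hosting services, so raw endpoints are the ones worth watching.
RAW_STAGING_HOSTS = {"raw.githubusercontent.com", "gist.githubusercontent.com"}
BROWSER_UA = re.compile(r"Mozilla/\d")  # crude but serviceable browser check

def parse_line(line):
    """Parse one constructed log line into a dict, or None if malformed."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, client, method, url, status, size, ua = m.groups()
    return {"ts": ts, "client": client, "method": method, "url": url,
            "status": int(status), "bytes": int(size), "ua": ua}

def is_raw_staging_fetch(event):
    """True when the URL points at raw paste/GitHub content."""
    parsed = urlparse(event["url"])
    host = parsed.hostname or ""
    if host == "pastebin.com":
        return parsed.path.startswith("/raw/")  # only the raw endpoint, not the web UI
    return host in RAW_STAGING_HOSTS

def find_suspicious_fetches(log_text):
    """Return successful GETs of raw staging content by non-browser user agents."""
    hits = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["method"] != "GET" or ev["status"] != 200:
            continue
        if is_raw_staging_fetch(ev) and not BROWSER_UA.search(ev["ua"]):
            hits.append(ev)
    return hits

if __name__ == "__main__":
    for hit in find_suspicious_fetches(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['client']} fetched {hit['url']} with UA {hit['ua']!r}")
```

On the sample above only the two non-browser fetches of raw content are reported; the browser visits and the upload are left alone.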
Researchers have identified more than 240 victims in 39 countries targeted by the SneakyPastes campaign. They have also noted that the cybergang continues to adapt and evolve in the Middle East and North Africa regions, where it is able to access more advanced tools and experiment with more complex techniques and procedures, which it is believed will be put to use in the near future.
Indicators of compromise:
The following indicators of compromise should be noted:
- Organisation: Gaza Hackers Team
- C&C server
To find out how Si Cyber can help protect your organisation, please contact email@example.com