A report by Israeli intelligence-linked cybersecurity company Cybereason has uncovered evidence of what the company says are two separate cyberwarfare operations by Hamas against the Fatah-led Palestinian Authority.
According to the report, the cyberattacks are targeting PA officials and organizations, and include attempts to hack officials’ phones, transmit stolen data and take control of microphones and cameras to spy on their adversaries.
Cybereason attributes the attacks to the ‘MoleRATs’, also known as ‘The Gaza Cybergang’, which it says is a Hamas-linked cyberwarfare unit operating in the region since 2012.
The group reportedly targets its victims via at least two separate operations, including the ‘Spark Campaign’ – in which hackers send phishing emails on topics like President Trump’s recent ‘Deal of the Century’ Israeli-Palestinian peace plan, tensions between Hamas and the Egyptian government, the US drone strike assassination of Iranian General Qasem Soleimani, and the historic rivalry between Hamas and Fatah. Malicious files contained in the emails urge targets to download additional dummy archive files, which contain an executable that allows hackers to take control of the device.
The second operation, known as ‘The Pierogi Campaign’, is a curious, newly discovered effort using decoy malicious files to create a backdoor. The program, nicknamed after the delicious Ukrainian dumpling dish, makes use of the Ukrainian language, and is thought to have fallen into Hamas’s hands via the dark web.
Speaking to The Jerusalem Post, a spokesperson from Cybereason said that the hacking campaigns have shown “an increase in the level of abilities and overall sophistication” in recent years. According to the spokesperson, while the cyberoperations “are not yet as sophisticated as those sponsored by world powers…it is clearly visible that there is learning and acquisition of advanced cyberwarfare abilities.”
Although Cybereason suspects Hamas of involvement in the hacking operations, the company covers its bases and says that it cannot be 100 percent certain regarding who is responsible. “It is important to remember there are many threat actors operating in the Middle East, and often there are overlaps in TTPs, tools, motivation and victimology. There have been cases in the past where a threat actor attempted to mimic another to thwart attribution efforts, and as such, attribution should rarely be taken as is, but instead with a grain of salt and critical thinking,” the report says.
Founded by Israeli cybersecurity experts in 2012, Cybereason is believed to have links with Israeli military intelligence. Late last month, US media reported that the firm’s investment partnership with SoftBank and US defence giant Lockheed Martin has given it access to some of the US government’s most classified networks.