The hackers are said to use “specially crafted lure content to trick their targets into opening malicious files that infect the victim’s machine.”
By World Israel News Staff
Cybereason, an Israeli-run cybersecurity technology company headquartered in Boston, says it has discovered “recent, targeted attacks in the Middle East” aimed at carrying out “politically-driven cyber espionage.”
In a statement released on Thursday, the company says that the “campaign seems to target Palestinian individuals and entities, likely related to the Palestinian [Authority] government.”
A Hamas “unit would hack into the victims’ mobile phones, gaining access to their microphones and cameras as well as files and information stored on the devices,” reports The Jerusalem Post.
The hackers are said to use “specially crafted lure content to trick their targets into opening malicious files that infect the victim’s machine” using “a previously undocumented” malware, which Cybereason has dubbed Pierogi. The code used might indicate that the malware was developed by Ukrainian-speaking hackers.
“The campaign’s lure content revolves around recent geopolitical events, especially the Israeli-Palestinian conflict, the assassination of Qasem Soleimani, and the ongoing conflict between Hamas and Fatah Palestinian movements,” says Cybereason.
“The modus-operandi of the attackers as well as the social engineering decoy content seem aligned with previous attacks carried out by an Arabic-speaking APT group called MoleRATs (aka Gaza Cybergang),” the company says.
The pro-Hamas cyber cell is believed to have attained the Pierogi technology through the dark web, says The Jerusalem Post.
Cybereason was founded in 2012 by Yonatan Striem-Amit, Lior Div, and Yossi Naar, according to its website.
In addition to its Boston headquarters, the company’s offices are located in Tel Aviv, London, and Tokyo.
Cybereason says it operates by exploiting the weaknesses of adversaries.
On the one hand, the company says, “layers of protection” against hacking “are irrelevant since adversaries will always find a way to bypass them.”
On the other hand, “after infiltrating an organization, the attackers [themselves] are vulnerable. Their activity offers an opportunity to discover the attack,” according to Cybereason.