Washington, 29 Rabi’ul Akhir 1436/19 February 2015 (MINA) – A series of cyber attacks against Israel since mid-2013 appears to be coming from “Arab parties located in the Gaza Strip” and elsewhere, US security researchers say.
A research report by Trend Micro said the effort appears to be using “spear phishing” emails with an attachment disguised as a pornographic video.
When a user clicks on the attachment, it installs malware that allows for remote access of documents on the infected computer, the report said, Ma’an News Agency quoted by Mi’raj Islamic News Agency (MINA) as reporting.
The researchers said in a report released Sunday that this highly targeted campaign dubbed “Arid Viper” is a sort of “smash-and-grab” first seen in the middle of 2013, and which uses network infrastructure located in Germany.
The security firm said those behind the scheme are using sophisticated methods with the goal of stealing sensitive data from Israeli-based organizations — government, transport, military and academia and one organization based in Kuwait.
A similar campaign which uses some of the same techniques and infrastructure has also been hitting targets in Egypt. This less sophisticated effort has been called Operation Advtravel by Trend Micro.
The researchers said both campaigns are hosted on the same servers in Germany and can be tied back to activity from Gaza.
“On one hand, we have a sophisticated targeted attack, and on the other a less skilled attack that has all the hallmarks of beginner hackers. So why would these groups be working together?” Trend Micro said in a blog post.
“Our working theory (and subject of continuing investigation) is that there may be an overarching organization or underground community that helps support Arab hackers fight back against perceived enemies of Islam. They may do this by helping set up infrastructures, suggest targets and so on.”
The report suggests there will be an increase of such “cyber militia” activity in the Arab world, where non-state actors fight against other organizations that would traditionally be considered enemies.
A separate report by the Russian security firm Kaspersky said it had uncovered “the first known Arabic group of cyber mercenaries to develop and run full-scale cyber-espionage operations.”
Kaspersky said the group has targeted military and government entities, media outlets, security companies and other organizations.
Kaspersky said it identified more than 3,000 victims in 50 countries, with more than one million files stolen by the group it called “Desert Falcons.”
Activity was found mainly in Egypt, Palestinian territories, Israel and Jordan, but also in Qatar, Saudi Arabia, United Arab Emirates, Algeria, Lebanon, Norway, Turkey, Sweden, France, the United States and Russia.
The Falcons used emails secretly loaded with malware to infect computers for the scheme, Kaspersky said. (T/P010/P3)
Mi’raj Islamic News Agency (MINA)