One of Hamas' cyberwarfare wing's threat actors has been linked to an "elaborate campaign" targeting high-profile Israelis working in sensitive defense, law enforcement, and emergency services institutions.
Security firm Cybereason said in a report released on Wednesday that the campaign's operators used sophisticated social engineering techniques to deliver previously undocumented backdoors for Windows and Android devices.
The goal of the attack was espionage: obtaining sensitive data from the victims' devices.
The infiltrations, which lasted for months, were given the codename "Operation Bearded Barbie" and have been linked to an Arabic-speaking, politically motivated group known as Arid Viper, which operates out of the Middle East and is also known as APT-C-23 and Desert Falcon.
Recently, the threat actor has been accused of launching attacks on Palestinian activists and organizations using politically-themed phishing emails and decoy documents beginning around October 2021.
It's worth noting that the most recent intrusions have focused on stealing data from Israeli citizens' computers and mobile devices by tricking them into installing malicious messaging apps.
The social engineering attacks relied on catfishing: fake Facebook profiles of attractive young women were created to befriend the targeted individuals and gain their trust.
"The operator of the fake account suggests migrating the conversation from Facebook to WhatsApp," the researchers explained. "The operator quickly obtains the target's mobile number by doing so."
By moving the conversation to WhatsApp instead of Facebook, the attackers can then trick the victims into installing a malware downloader called Barb(ie) and an Android app called "VolatileVenom", presented as containing explicit sexual content.
In addition, the Barb(ie) downloader module installs the BarbWire Backdoor, another component of the campaign.
The backdoor gives the attackers' remote server access to the victim's system, where it establishes persistence, harvests stored data, records audio, takes screenshots, and downloads additional payloads.
Since at least 2017, Arid Viper has been using VolatileVenom, Android spyware that spoofs legitimate messaging apps and disguises itself as a system update.
Wik Chat, a malicious Android app, presents victims with an error message stating that "it will be uninstalled," only for it to stealthily run in the background and collect a wide range of data from their smartphones.
New infrastructure has been developed by the attackers to target Palestinians and other Arabic-speaking individuals, according to the researchers.
With improved stealth and more advanced malware, this campaign shows a significant step up in APT-C-23's capabilities. The group has also refined its social engineering techniques, which include offensive HUMINT capabilities built on a highly active and well-groomed network of fake Facebook accounts.