Israeli Cybereason: Arabic-speaking attackers lure Palestinian officials into clicking malicious links

by Ifi Reporter Category:Hitech Feb 15, 2020

In recent months, a series of cyber attacks in the Middle East has been discovered, with the targets being Palestinian officials. Their purpose is to spy on mobile phones of the Authority: to open the camera without the knowledge of the device owner, listen to what is happening in the environment, and steal files and information.

The attacks were detected by the Nocturnus research group of the Israeli cyber company Cybereason, which followed the series of attacks. The data analysis shows parallels to attacks previously carried out by hackers using the nicknames "MoleRATs" and "The Gaza Cybergang", which have previously attacked Israeli strategic targets. This is an Arabic-speaking attack group that is driven primarily by political motives and has operated against various targets in the Middle East since 2012.
In analyzing the case, Cybereason revealed the attackers' actions, which included disseminating geopolitical content to get the targets to click malicious links, thus infecting them with malware. The infection campaign included content on Donald Trump's "Deal of the Century", the assassination of Iranian general Qassem Suleimani, the tension between Hamas and Fatah, and the Israeli-Palestinian conflict.
The attack group used new malware that had not been seen before, known as Pierogi. It was first discovered in December 2019 by Cybereason and recalls previous patterns of action associated with the MoleRATs group, which included malware called Micropsia and Kasperagent. Israeli cyber investigators have found evidence of the use of the Ukrainian language within the Pierogi malware files. Therefore, there is a suspicion that it was developed by Ukrainian-speaking hackers, and it is possible that the MoleRATs group obtained the malware in hacker communities on the darknet.
A senior member of Cybereason's Nocturnus research group said: "These assault tools allow their operators to spy and control victims' devices, including information leakage, content theft and files. Over the past few years, we have been watching the level of sophistication of groups operating in the Middle East. It is not yet a high level of sophistication like that of superpower-controlled assault groups, but it can certainly be seen that there is learning and implementation of increasingly advanced offensive cyber capabilities."
Cybereason was founded in 2012 by Lior Div (CEO), Yossi Naar (CVO), and Yonatan Striem-Amit (CTO). The company develops a system that collects information from all endpoints in the organization, computers and servers, and analyzes their operations. Using a large volume of real-time information, the product detects malicious behaviors and, through a simple and intuitive interface, displays the chain of events from the moment the attack is attempted. The platform allows organizations to continuously monitor the various systems in the organization, as well as identify, investigate, isolate and stop attacks in real time. The company's customers include leading companies from all areas of the Fortune 500 list, including international financial banks and corporations, pharmaceutical manufacturers, software and IT companies, food companies, retail and more. The company raised $400 million from Softbank, Lockheed Martin and other investors. Cybereason has offices in Tel Aviv, Boston, London, Sydney, Tokyo and Europe and is in the process of growing and expanding.
