Unknown Source Attacks Both Palestinian and Israeli Networks
22 November, 2012
People are used to thinking that Israel and the Palestinians are always locked in a bitter fight against each other. But a recent study by a security company shows that in the last year both sides fell victim to cyber attacks launched by an unknown third party!
An in-depth analysis of millions of malware samples dating back to October 2011 has revealed that the recently reported attempts by the Israeli government to prevent Trojan injections into sensitive police, ministry and embassy computers may have come too late. According to Norman AS, a malware analysis firm headquartered in Oslo, Norway and San Diego, California, multiple malware attacks against Israeli and Palestinian targets have been going on for at least a year, first focused on Palestinians, then Israelis.
A few weeks ago, Israeli law enforcement discovered messages falsely presented as coming from Israeli Defense Force Chief of Staff Benny Gantz. This was their first notice of a possible attack. Similar messages had also gone out to Israeli embassies around the world. When unsuspecting recipients opened the email, they found an attached archive containing the surveillance tool camouflaged as a document. Once it was opened, the hackers would be able to steal information and remotely take command of the computer.
In an attempt to discover whether this was an isolated incident or something more significant, Norman researchers ran samples from Norman’s database of known malware through the company’s malware analyzer. It appears that the attacks were performed by the same attacker, as the malware samples in question communicate with the same command-and-control structures and in many cases are signed using the same digital certificate. While unknown at this point, the purpose is assumed to be espionage and surveillance.
The hackers first directed malware network traffic to command and control servers in the Gaza Strip, and then to hosting companies in the U.S. and U.K., according to the investigation. “The attacker is still unknown to us,” commented Norman AS Vice President, Einar Oftedal. “There are several possible alternatives based on the various power blocs in the region. One thing is for certain, with off-the-shelf malware available to anyone, the cost of mounting such an operation is low enough that anyone could be behind it.”
The malware used was in most cases shown to be XtremeRat, a commercially-available surveillance and remote administration tool.
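The linking logic described above (samples tied together because they share command-and-control hosts or a code-signing certificate) can be sketched as follows. This is an added example, not Norman's tooling: the sample records, hostnames and certificate thumbprints are constructed placeholders, and the field names are assumptions.

```python
from collections import defaultdict

# Constructed sample metadata (not from the Norman report): the kind of
# per-sample indicators a sandbox run might yield. All values are placeholders.
SAMPLES = [
    {"id": "s1", "c2": ["c2-a.example.test"], "cert": "THUMB-1"},
    {"id": "s2", "c2": ["c2-a.example.test", "c2-b.example.test"], "cert": None},
    {"id": "s3", "c2": ["c2-c.example.test"], "cert": "THUMB-1"},
    {"id": "s4", "c2": ["C2-B.example.test"], "cert": "THUMB-2"},
    {"id": "s5", "c2": ["c2-z.example.test"], "cert": "THUMB-9"},
    {"id": "s6", "c2": [], "cert": None},  # unsigned, no network activity seen
]

def cluster_samples(samples):
    """Group samples that are linked, directly or transitively, by a shared
    C2 host or a shared signing-certificate thumbprint (union-find)."""
    parent = {s["id"]: s["id"] for s in samples}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    def union(a, b):
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[rb] = ra

    first_seen = {}  # indicator -> first sample id that carried it
    for s in samples:
        indicators = [("c2", host.lower()) for host in s["c2"]]
        if s["cert"]:
            indicators.append(("cert", s["cert"]))
        for ind in indicators:
            if ind in first_seen:
                union(first_seen[ind], s["id"])
            else:
                first_seen[ind] = s["id"]

    groups = defaultdict(set)
    for s in samples:
        groups[find(s["id"])].add(s["id"])
    # Largest cluster first; samples with no shared indicator stay alone.
    return sorted((sorted(g) for g in groups.values()),
                  key=lambda g: (-len(g), g))

if __name__ == "__main__":
    for group in cluster_samples(SAMPLES):
        print(group)
```

A shared indicator is evidence rather than proof: shared hosting or a stolen certificate can link unrelated activity, and use of the same off-the-shelf tool is deliberately not treated as a link here.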