
Friday, February 14, 2020



A story about hacking members of the Palestinian Authority has turned into another story about how the Palestinian Authority tries to control the news media.

From SecurityWeek:
Two apparently politically motivated backdoor campaigns have been observed operating in the Middle East, targeting influential Palestinians. The aggressors are most likely the MoleRATs APT (aka The Gaza Cybergang, Extreme Jackal, Moonlight, and DustySky). MoleRATs operates out of Gaza and is believed to be associated with Hamas.

The two campaigns are primarily differentiated by the backdoor malware used: Spark and Pierogi -- and have been named as the Spark Campaign and the Pierogi Campaign respectively by researchers at Cybereason's Nocturnus group. Spark is the older of the two malwares, and has been known since January 2019. Nocturnus believes it was developed by MoleRATs themselves. Pierogi is a new undocumented RAT, discovered by Cybereason in December 2019.

Pierogi is thought to have been developed by Ukrainians rather than MoleRATs themselves. There are numerous Ukrainian words within the code, including, for example, C2 commands. These include 'ekspertyza' ('examine', for requesting commands from the C2), 'zavantazhyty' ('download', for exfiltration), and 'vydaly' ('delete', for deleting certain requests). The Ukrainian connection is the reason for the Pierogi (a popular East European dish) name.

Both campaigns use email social engineering as the initial attack vector. Spark delivers a weaponized document or a malicious link. The lure is political, including themes based on the Hamas/Fatah conflict, the Israel/Palestine conflict, tensions based on the killing of Qasem Soleimani, and tensions between Hamas and the Egyptian government.
...
The Spark Campaign, concludes Cybereason, suggests the social engineering element is "specifically meant to lure and appeal to victims from the Middle East, especially towards individuals and entities in the Palestinian territories likely related to the Palestinian government or the Fatah movement."

The second campaign, Pierogi, is slightly different but also tied to MoleRATs. It is similarly targeted against Palestinian individuals and entities that are likely related to the Palestinian government. ....
The infrastructure for the Pierogi campaign seems to have been created specifically for the campaign. The domains were registered in November 2019 and operationalized shortly afterward. "The Pierogi backdoor discovered by Cybereason during this investigation seems to be undocumented and gives the threat actors espionage capabilities over their victims." Cybereason suggests it may have been obtained through underground communities rather than developed in-house by MoleRATs.
It is interesting that Gaza's (and possibly Hamas's) hacking abilities are this sophisticated.

But the Palestinian Authority doesn't want this information to be published.

The Ministry of Communications and Information Technology said that what the Israeli websites claim about the occurrence of cyber attacks and attempts to penetrate Palestine is only a description of the general situation to which Palestine and other countries of the world are subjected, namely attempts at infiltration and cyber attacks from multiple sides.

The ministry confirmed in a statement issued today, Friday, that all attempts of this type are dealt with immediately by our specialized teams, which are the information security team and the competent security authorities.

The Ministry called on citizens not to deal with such news, inviting them to go to the competent authorities in the event of any citizen being exposed to attempts or operations of this type of targeting and others.

The Ministry released a statement: "We deplored the nature and timing of this news, which was published through the occupation...we confirm that its aim is an attempt to reinforce the division between our people who created a great image of unity with the decision rejecting the deal of the century."

The Ministry called on all Palestinian and Arab news websites and media platforms to be vigilant and cautious, not to circulate unreliable news and reports, and to check their accuracy before publication.
The news of course came from an Israeli cybersecurity company, not the Israeli government. A newly discovered backdoor is always news; this is what cybersecurity researchers do. The PA yet again is warning its news media not to publish reports that make it look bad. The idea that the timing was somehow meant to hurt Palestinian unity is paranoia.

And the attempt to stifle free speech is at least as big a story as the hacking.
