An American cyber security company founded by an Israeli has identified a new cyber espionage campaign originating in the Gaza Strip and aimed at government ministries in Israel, Arab countries and the Palestinian Authority.
Experts say that the infrastructure behind the attacks and the way that different servers have been used to hide their source reveals that the suspected organization — known as the Gaza Cybergang Group — has upgraded its capability to a level “which would not embarrass countries with reasonable cyber capabilities,” The Marker, a daily business newspaper, reported Wednesday.
The Gaza Cybergang Group is thought to be backed by the Hamas terror group which controls the Strip
Gangs of hackers sent emails to their targets from a source which looked legitimate, such as a work colleague. The emails contained fake news headlines aimed at encouraging the reader to click on an attached link or file.
Opening of the file triggered installation of a program which sent the computer user’s identifying details to a control center manned by the hackers. If the details were sufficiently interesting, spyware was installed onto the unwitting user’s computer — spyware that could eavesdrop on conversations, read correspondence and operate the camera.
The same group opened a new internet address — new.gov-il.host– as part of a specific plan to attack the Israeli government.
It was the Israeli development team at Palo Alto Networks which, having noticed repeated attempts to cyber breach different targets in Israel and elsewhere, linked the attacks, servers and tools used to a group of at least 10 hackers operating out of Gaza.
They noticed spelling mistakes in Hebrew and English reminiscent of mistakes made by Hamas in video clips and other written materials. An analysis of the timing revealed that there was no hacking on Fridays — a clear suggestion that the hackers were working a Middle Eastern week.
Fake news items posted as bait included photographs of Internal Security Minister Gilad Erdan and sports broadcaster Sharon Perry.
The government’s National Cyber Bureau would not comment on the Gaza attacks. It just said that different sources attempted on a regular basis to break into Israeli organizational networks.