WASHINGTON (AFP) -A series of cyber attacks against Israel since mid-2013 appears to be coming from “Arab parties located in the Gaza Strip” and elsewhere, US security researchers say.
A research report by Trend Micro said the effort appears to be using “spear phishing” emails with an attachment disguised as a pornographic video.
When a user clicks on the attachment, it installs malware that allows for remote access of documents on the infected computer, the report said.
The researchers said in a report released Sunday that this highly targeted campaign dubbed ‘Arid Viper’ is a sort of “smash-and-grab” first seen in the middle of 2013, and which uses network infrastructure located in Germany.
The security firm said those behind the scheme are using sophisticated methods with the goal of stealing sensitive data from Israeli-based organisations – government, transport, military and academia and one organisation based in Kuwait.
A similar campaign which uses some of the same techniques and infrastructure has also been hitting targets in Egypt. This less sophisticated effort has been called ‘Operation Advtravel’ by Trend Micro.
The researchers said both campaigns are hosted on the same servers in Germany and can be tied back to activity from Gaza.
“On one hand, we have a sophisticated targeted attack, and on the other a less skilled attack that has all the hallmarks of beginner hackers. So why would these groups be working together?” Trend Micro said in a blog post.
“Our working theory (and subject of continuing investigation) is that there may be an overarching organisation or underground community that helps support Arab hackers fight back against perceived enemies of Islam. They may do this by helping set up infrastructures, suggest targets and so on.”
The report suggests there will be an increase of such “cyber militia” activity in the Arab world, where non-state actors fight against other organisations that would traditionally be considered enemies.
A separate report by the Russian security firm Kaspersky said it had uncovered “the first known Arabic group of cyber mercenaries to develop and run full-scale cyber-espionage operations.”
Kaspersky said the group has targeted military and government entities, media outlets, security companies and other organisations.
Kaspersky said it identified more than 3,000 victims in 50 countries, with more than one million files stolen by the group it called ‘Desert Falcons.’
Activity was found mainly in Egypt, Palestinian territories, Israel and Jordan, but also in Qatar, Saudi Arabia, United Arab Emirates, Algeria, Lebanon, Norway, Turkey, Sweden, France, the United States and Russia.
The Falcons used emails secretly loaded with malware to infect computers for the scheme, Kaspersky said.