Wirte threat group’s data wiper campaign linked to Hamas militants

November 18, 2024

The data-wiping attacks that the Wirte threat group executed against Israeli organisations were linked to the Palestinian militant group Hamas.

These wiper campaigns targeting Israel have compromised various entities, such as healthcare and government institutions. Moreover, the researchers revealed that the notorious threat group that executed these attacks is allegedly linked to TA40, Molerats, and the Gaza Cyber Gang.

Israel and Hamas have been fighting since the Palestinian nationalist group broke through the Gaza-Israel border in a violent incursion on October 7, 2023. The battle spilled over into Lebanon, which is not known for its cyberactivity.

The Wirte threat group’s cybercriminal activities targeting various organisations in the Middle East have not stopped despite the Israel-Gaza conflict.

Investigations reveal that the Israel-Gaza war has not prevented the Wirte threat group from continuing its cyberespionage activities against Middle Eastern countries. Some of the confirmed countries that the group has already targeted are Saudi Arabia, Jordan, Iraq, Egypt, and the Palestinian Authority.

Moreover, the researchers noted that the group only targets Israeli objectives with disruptive assaults. One such instance was the October phishing attempts sent via a compromised email account belonging to the Israeli reseller of a Slovak cybersecurity firm.

These attackers used phishing emails that included a variant of the SameCoin wiper, which initially emerged in a wave of phishing attacks posing as the Israeli National Cyber Directorate earlier this year.

However, the latest version of the malware includes a unique encryption feature that has only been observed in Wirte malware, along with other minor modifications. The malware setup file verifies that the systems it targets are located in Israel by connecting to a military website that is only available in Israel.

Furthermore, the Windows variant drops several items onto compromised systems: a pro-Hamas propaganda film, a Hamas wallpaper, a wiper component, and a task spreader that attempts to replicate the loader onto other computers connected to the same network.

Researchers expect that these attacks against Middle Eastern organisations will persist as long as the tension between some of the countries in the region continues.
