Friday, February 14, 2020

  • Elder of Ziyon

A story about hacking members of the Palestinian Authority has turned into another story about how the Palestinian Authority tries to control the news media.

From SecurityWeek:
Two apparently politically motivated backdoor campaigns have been observed operating in the Middle East, targeting influential Palestinians. The aggressors are most likely the MoleRATs APT (aka The Gaza Cybergang, Extreme Jackal, Moonlight, and DustySky). MoleRATs operates out of Gaza and is believed to be associated with Hamas.

The two campaigns are primarily differentiated by the backdoor malware used: Spark and Pierogi -- and have been named as the Spark Campaign and the Pierogi Campaign respectively by researchers at Cybereason's Nocturnus group. Spark is the older of the two malwares, and has been known since January 2019. Nocturnus believes it was developed by MoleRATs themselves. Pierogi is a new undocumented RAT, discovered by Cybereason in December 2019.

Pierogi is thought to have been developed by Ukrainians rather than MoleRATs themselves. There are numerous Ukrainian words within the code, including, for example, C2 commands. These include 'ekspertyza' ('examine', for requesting commands from the C2), 'zavantazhyty' ('download', for exfiltration), and 'vydaly' ('delete', for deleting certain requests). The Ukrainian connection is the reason for the Pierogi (a popular East European dish) name.

Both campaigns use email social engineering as the initial attack vector. Spark delivers a weaponized document or a malicious link. The lure is political, including themes based on the Hamas/Fatah conflict, the Israel/Palestine conflict, tensions based on the killing of Qasem Soleimani, and tensions between Hamas and the Egyptian government.
The Spark Campaign, concludes Cybereason, suggests the social engineering element is "specifically meant to lure and appeal to victims from the Middle East, especially towards individuals and entities in the Palestinian territories likely related to the Palestinian government or the Fatah movement."

The second campaign, Pierogi, is slightly different but also tied to MoleRATs. It is similarly targeted against Palestinian individuals and entities that are likely related to the Palestinian government. ....
The infrastructure for the Pierogi campaign seems to have been created specifically for the campaign. The domains were registered in November 2019 and operationalized shortly afterward. "The Pierogi backdoor discovered by Cybereason during this investigation seems to be undocumented and gives the threat actors espionage capabilities over their victims." Cybereason suggests it may have been obtained through underground communities rather than developed in-house by MoleRATs.

It is interesting that Gaza (and possibly Hamas) hacking abilities are this sophisticated.

But the Palestinian Authority doesn't want this information to be published.

The Ministry of Communications and Information Technology said that what the Israeli websites claim from the occurrence of cyber attacks and attempts to penetrate Palestine is only a description of the general situation that Palestine and other countries of the world are subjected to from attempts to infiltrate and cyber attacks through multiple sides.

The ministry confirmed in a statement issued today, Friday, that all attempts of this type are dealt with immediately by our specialized teams, which are the information security team and the competent security authorities.

The Ministry called on citizens not to deal with such news, inviting them to go to the competent authorities in the event of any citizen being exposed to attempts or operations of this type of targeting and others.

The Ministry released a statement: "We deplored the nature and timing of this news, which was published through the occupation...we confirm that its aim is an attempt to reinforce the division between our people who created a great image of unity with the decision rejecting the deal of the century."

The Ministry called on all Palestinian and Arab news websites and media platforms to be vigilant and cautious, not to circulate unreliable news and reports, and to check their accuracy before publication.

The news of course came from an Israeli cybersecurity company, not the Israeli government. A new backdoor in Android is always news. This is what cybersecurity researchers do. The PA yet again is warning its new media not to publish reports that make them look bad. The idea that the timing was to somehow hurt Palestinian unity is paranoia.

And the attempt to stifle free speech is at least as big a story as the hacking.
