One was associated with Palestinian Preventive Security Services, the official internal intelligence agency for the Palestinian Authority - which gets funded by Western dollars.
This activity originated in the West Bank and focused on the Palestinian territories and Syria, and to a lesser extent Turkey, Iraq, Lebanon and Libya. It relied on social engineering to trick people into clicking on malicious links and installing malware on their devices. Our investigation found links to the Preventive Security Service — the Palestinian Authority’s internal intelligence organization.This persistent threat actor focused on a wide range of targets, including journalists, people opposing the Fatah-led government, human rights activists and military groups including the Syrian opposition and Iraqi military. They used their own low-sophistication malware disguised as secure chat applications, in addition to malware tools openly available on the internet.
It is not surprising that the Palestinian Authority targets journalists and human rights activists - they have laws against publishing anything negative about themselves. Going after the Syrian opposition is a little more interesting; it hints at some intelligence sharing between the Palestinian Authority and the murderous government of Syria.
The PPS hacks relied primarily on social engineering, often posing as women and gaining the trust of their targets to get them to install "secure chat" applications on their phones and computers. But they also created fake web pages that would attract people they want to spy on, like Hamas members. In addition, they created fake Facebook Pages that "posted memes criticizing Russian foreign policy in the Middle East, Russian military contractor Wagner Group and its involvement in Syria and Libya and the Assad government."
The PPS is funded by Western dollars, and in the past it has cooperated with both Israel and the CIA.
Today, however, it seems more aligned with Syria's Bashar Assad.
At the same time, Hamas has a extensive hacking operation, known in the security community as Arid Viper. It would install spyware on victims' phones, turning them into remote surveillance devices.
The Arid Viper hacks are far more sophisticated than the ones from the Palestinian Authority. It was previously known to have attacked Israeli targets. In this case, the targets seem to be pretty much Fatah and the Palestinian Authority.
For example, it created a fake webpage spoofing the Palestinian Central Elections Commission site, tricking people into entering their social media credentials.
Like the PSS hacks, Hamas would use social engineering, convincing targets to install supposed dating message apps on their phones.
Facebook wrote an entire 40 page report analyzing Arid Viper's methods.
One must assume that some of the Hamas expertise comes courtesy of Iran, although they have been doing this for years and are certainly learning some methods on their own.