Anonymous Hackers Threaten To Publish IDF’s ‘Top Secret Projects’

 

The Anonymous hacker group has published a video claiming to have infiltrated Israel's military and stolen some of its "top secret" documents.

Two weeks after Israel's Justice Ministry admitted a cybersecurity breach that may have taken hundreds of gigabytes of data, the Anonymous hacker group claims to have hacked the Israel Defence Forces (IDF), a much more significant target. On April 18, Anonymous posted a video on X stating, "Today we want to introduce their terrorist army to the world, after hacking their justice ministry."

Given the nature of the fighting on the ground, the cyber aspect of the Gaza conflict has not garnered much attention. However, with the most recent escalation, Iran has come out from behind its proxies, and as a result, two of the most cyber-active nations in the world are now participating much more publicly. This includes unsubstantiated allegations made by an Iranian hacker group that they were able to break into Israeli radar systems. 

In contrast, Israel possesses offensive cyber capabilities much beyond anything Iran can produce, despite Tehran's continuous efforts to improve its capabilities. As a result, there will likely be a digital uptick as the ballistic engagement winds down. 

None of this is related to the more theatrical hacking charges levelled at Israel's military. Anonymous is best understood as an umbrella agenda, with self-proclaimed members starting and coordinating activities that are subsequently promoted. It would be incorrect to view this as a globally organised group with any sort of structure. The most recent claims appear to come from a pro-Palestinian group called Anonymous for Justice. 

The Jerusalem Post adds that "according to IDF security assessments, the likelihood of an actual breach is minimal... The IDF's computer system is highly secure and classified at multiple levels." According to the Post, if there was a breach, the material was most likely "obtained from civilian computers."

The Anonymous video alleges that the compromised material, a total of 20GB of data distributed across more than 230,000 files, contains "the identity of the generals, military bases, military contracts and top secret projects." The hacking operation was "conducted with the assistance of certain freedom seekers from your army," the video further warns the IDF.

Hackers Linked to Palestine Use the New NimbleMamba Malware

 


A Palestinian-aligned hacking organization has used a novel malware implant to target Middle Eastern governments, international policy think tanks, and a state-affiliated airline as part of "highly focused intelligence collecting activities." The findings by Proofpoint researchers detail the recent activity of MoleRATs, linked to a well-known and well-documented Arabic-speaking threat group, and the ongoing deployment of a new intelligence-gathering trojan known as "NimbleMamba."

NimbleMamba employs guardrails to verify that all infected victims are within TA402's target region. It uses the Dropbox API for both command and control and data exfiltration. The malware also has a number of features that make automated and human analysis more difficult. It is under active development, well maintained, and geared for use in highly focused intelligence collection programs.

The operators of MoleRATs, also known as TA402, are "changing the methodologies while developing these very neatly done, specialized and well-targeted campaigns," according to Sherrod DeGrippo, Proofpoint's vice president of threat analysis and detection.

Reportedly, TA402 sends spear-phishing emails with links to malware distribution sites. A victim who is outside the scope of the attack is redirected to credible sources. If the target's IP address falls within the selected target region, a version of NimbleMamba is dropped on the target's machine inside a RAR file. Three separate attack chains were discovered, each with minor differences in the phishing lure theme, redirection URL, and malware-hosting sites.

In the most recent attacks, the perpetrators impersonated the Quora website in November 2021. If the target system's IP address fell under one of around two dozen geofenced country codes, the user would be redirected to a domain that served the NimbleMamba malware. If not, the user would be sent to a legitimate news source.

Another campaign, launched in December 2021, used target-specific lures including medical data or sensitive geopolitical information, and delivered malware via Dropbox URLs.

In yet another campaign, which ran from December to January, the hackers used different lures for each victim but delivered malware via a hacker-controlled WordPress URL. The hacker-controlled URL only enabled attacks on targets in specific nations.

NimbleMamba contains "various capabilities intended to confuse both automatic and manual analysis," the researchers said, reiterating that the malware is "currently being produced, is well-maintained, and tailored for use in highly focused intelligence collection programs."
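Because the implant described above uses the Dropbox API for control and exfiltration, one defensive check is to look for processes other than the approved Dropbox client talking to the Dropbox API hosts. The following is an added example, not code from the post or from Proofpoint; the log format, process allow-list, upload threshold and sample lines are constructed assumptions.

```python
import csv
import io

# Public hostnames of the Dropbox HTTP API.
DROPBOX_API_HOSTS = {"api.dropboxapi.com", "content.dropboxapi.com",
                     "notify.dropboxapi.com"}
# Assumption: the only processes expected to use the API in this environment.
ALLOWED_PROCESSES = {"dropbox.exe", "dropboxupdate.exe"}

# Constructed telemetry: time, host, process, destination, bytes sent.
SAMPLE_LOG = """\
2022-02-08T09:14:02Z,WS-014,dropbox.exe,api.dropboxapi.com,1822
2022-02-08T09:15:40Z,WS-022,chrome.exe,www.dropbox.com,640
2022-02-08T09:20:11Z,WS-031,invoice_viewer.exe,api.dropboxapi.com,412
2022-02-08T09:20:13Z,WS-031,invoice_viewer.exe,content.dropboxapi.com,2400000
2022-02-08T09:25:11Z,WS-031,invoice_viewer.exe,api.dropboxapi.com.,398
2022-02-08T10:02:55Z,WS-040,backup_tool.exe,content.dropboxapi.com,5200
"""


def find_suspect_dropbox_clients(log_text, upload_threshold=1_000_000):
    """Return {(host, process): stats} for unapproved Dropbox API clients."""
    findings = {}
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        ts, host, proc, dest, sent = (field.strip() for field in row)
        # Normalise case and a trailing root dot before matching the host.
        if dest.lower().rstrip(".") not in DROPBOX_API_HOSTS:
            continue
        if proc.lower() in ALLOWED_PROCESSES:
            continue
        entry = findings.setdefault(
            (host, proc.lower()),
            {"first_seen": ts, "requests": 0, "bytes_out": 0})
        entry["requests"] += 1
        entry["bytes_out"] += int(sent)
    for entry in findings.values():
        # Large outbound volume suggests upload rather than tasking polls.
        entry["possible_exfil"] = entry["bytes_out"] >= upload_threshold
    return findings


if __name__ == "__main__":
    for key, stats in find_suspect_dropbox_clients(SAMPLE_LOG).items():
        print(key, stats)
```
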

Hacking attempt by KDMS Team to deface Avast website failed

KDMS Team, the Palestinian hacker group who defaced the websites of Avira, WhatsApp, and AVG, is also said to have attempted to hijack the Avast website.

Avast detected and thwarted the hackers' attempt to compromise its domain when it received a notification from Network Solutions saying its email had been changed.

"We knew we had not requested that so we immediately took action and changed our passwords, which protected us," Avast's CEO said.

Users and customers of the affected websites need not worry: no user data has been compromised. It is a DNS hijack attack in which hackers break into the domain provider and modify DNS records.
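Since this kind of attack changes records at the domain provider rather than on the site's own servers, a baseline comparison of the published DNS records is a useful complement to registrar notifications. The following is an added example, not code from the post or from Avast; the record values, severity ranking and function names are constructed assumptions, and the observed snapshot would normally come from querying an external resolver.

```python
# Assumed ranking: a changed delegation (NS) redirects everything below it.
SEVERITY = {"NS": "critical", "A": "high", "AAAA": "high", "MX": "high"}
ORDER = {"critical": 0, "high": 1, "medium": 2}

# Constructed known-good snapshot for a placeholder domain.
BASELINE = {
    "NS": ["ns1.example.net.", "ns2.example.net."],
    "A": ["192.0.2.10"],
    "MX": ["10 mail.example.com."],
}
# Constructed snapshot after an unauthorised change at the domain provider.
OBSERVED = {
    "ns": ["ns1.unknown-host.example.", "ns2.unknown-host.example."],
    "A": ["198.51.100.77"],
    "MX": ["10 MAIL.example.com"],
}


def normalise(records):
    """Map record type -> set of values, ignoring case and trailing dots."""
    return {rtype.upper(): {v.strip().lower().rstrip(".") for v in values}
            for rtype, values in records.items()}


def dns_drift(baseline, observed):
    """Return differences between two record snapshots, worst first."""
    base, seen = normalise(baseline), normalise(observed)
    findings = []
    for rtype in sorted(set(base) | set(seen)):
        added = seen.get(rtype, set()) - base.get(rtype, set())
        removed = base.get(rtype, set()) - seen.get(rtype, set())
        if added or removed:
            findings.append({
                "type": rtype,
                "severity": SEVERITY.get(rtype, "medium"),
                "added": sorted(added),
                "removed": sorted(removed),
            })
    findings.sort(key=lambda f: ORDER[f["severity"]])
    return findings


if __name__ == "__main__":
    for finding in dns_drift(BASELINE, OBSERVED):
        print(finding)
```
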