Study Shows Israel and Palestinian Territories under Cyber Attack from Same Source for More Than One Year
An in-depth analysis of millions of malware samples dating back to October 2011 has revealed that the Israeli government's recently reported attempts to prevent Trojan injections into sensitive police, ministry and embassy computers may have come too late. According to Norman AS, a leading malware analysis firm headquartered in Oslo, Norway and San Diego, California, multiple malware attacks against Israeli and Palestinian targets have been going on for at least a year, first focused on Palestinians, then on Israelis. A few weeks ago, Israeli law enforcement discovered e-mails purporting to come from Israeli Defense Force Chief of Staff Benny Gantz. This was their first notice of a possible attack. Similar messages had also gone out to Israeli embassies around the world. Unsuspecting recipients who opened the e-mail found an attached archive containing the surveillance tool camouflaged as a document. Once the file was opened, the attackers would be able to steal information and remotely take command of the computer.
Norman AS Vice President Einar Oftedal, is available to provide additional details and commentary on this news and Norman's analysis.
In an attempt to discover whether this was an isolated incident or something more significant, Norman researchers ran samples from Norman's large database of known malware through the company's malware analyzer. The attacks appear to have been performed by the same attacker: the malware in question communicates with the same command-and-control infrastructure, and in many cases is signed with the same digital certificate. The purpose is not yet known, but is assumed to be espionage and surveillance.
The hackers first directed malware network traffic to command and control servers in the Gaza Strip, and then to hosting companies in the U.S. and U.K., according to the investigation.
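The attribution reasoning above, linking samples that share command-and-control hosts or a code-signing certificate into one cluster, can be expressed as a simple union-find over sample metadata. The following is an added illustration, not Norman's tooling; the sample IDs, host names and certificate labels are constructed placeholders, not indicators from the investigation.

```python
from collections import defaultdict

# Constructed sample metadata (not real indicators): an ID, the C2 hosts the
# sample contacted in the sandbox, and the signing-certificate label found on
# the binary (None if unsigned).
SAMPLES = [
    {"id": "sample-A", "c2": {"c2-gaza-1.example"}, "cert": "CERT-X"},
    {"id": "sample-B", "c2": {"c2-gaza-1.example", "host-us-1.example"}, "cert": None},
    {"id": "sample-C", "c2": {"host-uk-1.example"}, "cert": "CERT-X"},
    {"id": "sample-D", "c2": {"host-uk-1.example"}, "cert": None},
    {"id": "sample-E", "c2": {"unrelated.example"}, "cert": "CERT-Y"},
]

def _pivots(sample):
    """The attributes on which two samples can be tied together."""
    pivots = [("c2", host) for host in sample["c2"]]
    if sample["cert"]:
        pivots.append(("cert", sample["cert"]))
    return pivots

def cluster_by_shared_infrastructure(samples):
    """Union-find: samples sharing a C2 host or a signing certificate land in
    the same cluster; links are transitive (A-B via C2, A-C via cert, ...)."""
    parent = {s["id"]: s["id"] for s in samples}
    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x
    first_seen = {}  # pivot -> first sample that carried it
    for s in samples:
        for p in _pivots(s):
            if p in first_seen:
                parent[find(s["id"])] = find(first_seen[p])
            else:
                first_seen[p] = s["id"]
    clusters = defaultdict(set)
    for s in samples:
        clusters[find(s["id"])].add(s["id"])
    return sorted(sorted(c) for c in clusters.values())

def shared_pivots(samples):
    """The concrete evidence behind each link: every C2 host or certificate
    that appears on two or more samples, with the samples it ties together."""
    seen = defaultdict(set)
    for s in samples:
        for p in _pivots(s):
            seen[p].add(s["id"])
    return {p: ids for p, ids in seen.items() if len(ids) > 1}

if __name__ == "__main__":
    print(cluster_by_shared_infrastructure(SAMPLES))
    print(shared_pivots(SAMPLES))
```

A single shared host or certificate is weak evidence on its own (shared hosting and stolen certificates both occur), so an analyst would review the pivots reported by `shared_pivots` rather than trust the cluster blindly.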
“The attacker is still unknown to us,” commented Oftedal. “There are several possible alternatives based on the various power blocks in the region. One thing is for certain, with off-the-shelf malware available to anyone, the cost of mounting such an operation is low enough that anyone could be behind it.” In most cases the malware used was shown to be XtremeRat, a commercially available surveillance and remote administration tool.
About Norman AS
Founded in Norway in 1984, Norman is a global leader and pioneer in proactive content security solutions and forensics malware tools. Norman's proactive antimalware solutions, including malware analysis tools, network security and endpoint protection, are powered by patented Norman SandBox technology and used by security solutions providers around the world.
Norman's unified core antimalware protection for clients, servers and network security is delivered as products and services designed to protect industrial control systems and business communications and resources, including corporate and government networks and applications, remote employees, branch offices and extranets. Norman's solutions are available through Norman subsidiaries and a network of global partners.