National Security News

Reporting the facts on national security


Hamas buys sophisticated criminal malware to target Israel

Source: Constella

Hamas terrorists are renting complex computer viruses from organised crime gangs to attack the Israeli armed forces, government departments and the country’s critical national infrastructure, National Security News can reveal.

The computer viruses can be purchased for as little as $200 USD a month, with the more sophisticated versions being rented to terrorist groups for up to $1 million USD a year.

The viruses are a form of malware known as info-stealers, which, once downloaded, can allow terrorists and individuals known as threat actors to seize confidential information on a target’s computer.

The viruses can be unknowingly uploaded via emails, computer games and PDF documents and, once one is opened, all of the information on the victim’s computer can be stolen.

Terrorists and cyber criminals based in Russia, Iran, Lebanon and other Middle Eastern countries are believed to have launched numerous cyber attacks against the Israeli Defence Forces, government institutions and the country’s critical national infrastructure since the October 7th attacks.

Over the last year, the number of cyber attacks launched against Israel from Iran and Hezbollah, the Tehran-sponsored terrorist proxy, has increased by 43 per cent, according to a report by Israel’s National Security Directorate.

According to the report, Israel encountered a 2.5-fold increase in cyber intrusions compared to previous years, with a total of 3,380 attacks documented during the specified timeframe. Notably, 800 of the attacks were deemed to possess “significant potential for damage” by the National Cyber Directorate.

The report added: “The war brought with it an increase in cyber attacks that intensified gradually, shifting from a focus on information theft to disruptive and damaging attacks.”

It said the aims of the attacks ranged from simply spreading public discord to more sophisticated operations designed to disrupt essential organisations and influential companies.

The directorate highlighted the targeting of hospitals, attacks aimed at undermining the war effort and intelligence gathering. The report also exposed a burgeoning collaboration between Iran and Hezbollah in executing cyber operations.

Throughout 2023, the Directorate registered a total of 13,040 verified cyber attack reports, representing a 43 per cent surge compared to the preceding year. Notably, 68 per cent of the attacks coincided with the Gaza conflict.

Of the reported attacks, 41 per cent targeted social networks, 25 per cent were phishing attempts, and 13 per cent exploited vulnerabilities in computer systems. The remaining assaults comprised malware attacks, disruptions to operational continuity, and communication disruptions.

Alberto Casares, the chief technology officer at the cyber security company Constella Intelligence, said in an interview with National Security News that terrorists have developed “tools” which allow them to automatically scan computer systems to see if they have any vulnerable points.

Once those vulnerabilities have been identified, victims can then be targeted with specific info-stealer viruses.

He said: “What we have been seeing in the last few months is that these threat actors are using other techniques that are more focused to target Israeli citizens and critical infrastructure. 

“In some cases, they use information compromised from what is called an InfoStealer, which is a malware which gets information from a compromised device by uploading the malware in certain types of software, including video games, and attached to legitimate PDF files.

“Basically, they wait for the victim to click, download that malicious software, and then the victim gets infected. Once that happens, the terrorist gets an alert on their side saying that there is a new victim, and then they analyse the information that has been compromised.

“This info-stealer has access to the browser history, the passwords that have been stored, the cookies, which are super important, and some critical and confidential documents that might be stored in the compromised device. With all that information, the threat actor can bypass multi-factor authentication and hijack accounts. So, this is a really sophisticated type of attack but it’s very easy to learn.”

Casares added that various forms of the info-stealer malware were for sale on the internet by cyber criminals.

The cost of a license to use them ranges from as little as $200 USD a month up to several hundred thousand, depending on the level of sophistication.

He added: “Criminal gangs are selling different versions of malware on the internet as a subscription model.

“Basically, you pay for the license of the malicious software plus all the updates. Once you get that malicious software you can use it when and wherever you want.”

Casares added that it was possible that states such as Russia, China, Iran and North Korea as well as criminal gangs were responsible for selling the malware.

He said that the motive behind the attacks was nearly always financial, with cyber criminals attempting to steal confidential information which can then be passed on to a third party – such as a state, terrorist group or other cyber criminals who can exploit the data.

Constella Intelligence is able to study breach data, and Casares says that hundreds of breaches are happening worldwide every day.

He said that, despite the sophistication of the attacks, companies can protect themselves provided they take certain precautions.

Casares added: “First of all, you have to do a lot of awareness because most of these infections are happening because the victim clicks or downloads a pilot program. We have seen in some cases where this information is being hosted in legitimate PDF files and documents that threat actors are copying from even legitimate sites. And they are hosting that malware in order to try to make this more credible. So, the first thing is awareness.

“It’s very important to make sure that you are not downloading or clicking on the wrong site. 

“The second thing is making sure that you have your software updated and you are using anti-viruses. These are the best methods of protection.”

Author

  • Sean Rayment is the Defence and Security Editor for National Security News. He is also a best-selling author, broadcaster and award-winning defence and security journalist. He has also previously served as an officer in the Parachute Regiment. He has reported from war zones around the world including Iraq, Afghanistan, the Balkans, Africa, and Northern Ireland and is one of the few British journalists to twice visit the US detention centre at Guantanamo Bay in Cuba. He has written for virtually all British national newspapers and specialises in security, intelligence, and defence reporting, with a specific interest in mental health issues in the military community. Sean is also the author of Bomb Hunters and Tales from the Special Forces Club. He also co-wrote the international bestselling Painting the Sand with Kim Hughes GC and Endurance with former SAS operator Louis Rudd.
