Israel is experiencing “backdoor malware” attacks possibly related to Hamas after Tel Aviv declared war against the Palestinian militant group in October.
Backdoor malware is a Trojan virus designed to mimic an application it is not coded for.
The incidents involved a new version of the virus SysJoker produced by a hacking group called “WildCard.”
SysJoker Backdoor Malware
According to California firm VMware, SysJoker hides as legitimate software and convinces users to download it as a harmful program on their devices.
SysJoker has been upgraded multiple times since its inception, enabling criminals to use it more effectively against targets.
Shortly after its discovery in 2021, SysJoker was utilized for digital assaults on Israel’s education institutions. The malware’s latest version was identified last October.
‘Greater Attention’ Needed
Tel Aviv cyber firm Intezer, which was the first to encounter SysJoker, said further studies are required to rule out connections between WildCard and Hamas.
“Connections… indicate WildCard’s advanced capabilities focus on critical sectors within Israel,” Intezer explained. “While we’ve begun to understand WildCard’s tactics and methods, their precise identity is still enigmatic, demanding deeper analysis and collaboration within the infosec community.”
“We believe the shadow of a previously unidentified threat actor has slipped below the threshold and deserves greater attention.”
Meanwhile, American-Israeli company Check Point in their separate investigation highlighted clues that suggest a strong association between WildCard and Hamas.
“Analysis of newly discovered variants of SysJoker revealed ties to previously undisclosed samples of Operation Electric Powder, a set of targeted attacks against Israeli organizations between 2016-2017 that were loosely linked to the threat actor known as Gaza Cybergang,” Check Point said.
“Amid tensions in the ongoing Israel-Hamas war, Check Point Research has been conducting active threat hunting in an effort to discover, attribute, and mitigate relevant regional threats.”
“Among those, some new variants of the SysJoker malware… recently caught our attention. Our assessment is that these were used in targeted attacks by a Hamas-related threat actor.”
