Palestinian Hackers Tricked Victims Into Installing iOS Spyware

Hacking activity in the Gaza Strip and West Bank has ramped up in recent years as rival Palestinian political parties spar with each other, the Israeli-Palestinian conflict continues, and Palestinian hackers increasingly establish themselves on the global stage. Now, Facebook has uncovered two digital espionage campaigns out of Palestine, active in 2019 and 2020, that exploited a range of devices and platforms, including unique spyware that targeted iOS.

The groups, which appear to be unconnected, seem to have been at cross-purposes. But both used social media platforms like Facebook as jumping-off points to connect with targets and launch social engineering attacks to guide them toward phishing pages and other malicious websites.

The researchers link one set of attackers to Palestine’s Preventive Security Service, an intelligence group under the West Bank’s Fatah ruling party. In this campaign, the group primarily targeted the Palestinian territories and Syria, with some additional activity in Turkey, Iraq, Lebanon, and Libya. The hackers seemed largely focused on attacking human rights and anti-Fatah activists, journalists, and entities like the Iraqi military and Syrian opposition.

The other group, the longtime actor Arid Viper, which has been associated with Hamas, focused on targets within Palestine like Fatah political party members, government officials, security forces, and students. Arid Viper established an expansive attack infrastructure for its campaigns, including hundreds of websites that launched phishing attacks, hosted iOS and Android malware, or functioned as command and control servers for that malware.

“To disrupt both these operations, we took down their accounts, released malware hashes, blocked domains associated with their activity, and alerted people who we believe were targeted by these groups to help them secure their accounts,” Facebook’s head of cyberespionage investigations, Mike Dvilyanski, and director of threat disruption, David Agranovich, wrote in a blog post on Wednesday. “We shared information with our industry partners including the anti-virus community so they too can detect and stop this activity.”

The Preventive Security Service–linked group was active on social media and used both fake and stolen accounts to create personas, often depicting young women. Some of the accounts claimed to support Hamas, Fatah, or other military groups and sometimes posed as activists or reporters with the goal of building relationships with targets and tricking them into downloading malware. 

The group used both off-the-shelf malware and its own Android spyware masquerading as a secure chat app to target victims. The chat app collected call logs, location, contact information, SMS messages, and device metadata. It also sometimes included a keylogger. The attackers also used publicly available Android and Windows malware. And the researchers saw evidence that the attackers made a fake content management platform for Windows that targeted journalists who wanted to submit articles for publication. The app didn’t actually work, but came bundled with Windows malware. 
