Hamas-Linked APT Wields New SysJoker Backdoor Against Israel

November 28, 2023 at 04:36AM

Amid the ongoing conflict between Israel and Hamas, attackers associated with Hamas are using an updated version of the SysJoker backdoor against Israeli targets. The new variant has been rewritten in Rust; it keeps the same core functionality as earlier versions but has evolved significantly. The operators now host their command-and-control (C2) server URLs on OneDrive rather than Google Drive, so the implant fetches its C2 address from a legitimate cloud service. Rust, valued by software developers for its memory-safety guarantees, is also increasingly attractive to malware authors: Rust binaries are harder to reverse-engineer and tend to slip past detection tuned to conventional C/C++ samples. Researchers have linked these attacks to the 2016-2017 Electric Powder Operation, which targeted the Israel Electric Company. Organizations are advised to apply appropriate security controls and check their environments against the published indicators of compromise.

Key points from the article:

1. Attackers linked to the Palestinian militant group Hamas are using a revamped version of the SysJoker multi-platform backdoor to attack targets in Israel.
2. The new variant of SysJoker is written in the Rust programming language, marking a significant evolution of the malware.
3. The APT group Gaza Cybergang, also known as Molerats, is believed to be responsible for the attacks.
4. The new variant uses OneDrive instead of Google Drive for command-and-control (C2) server URLs.
5. Rust is increasingly favored by legitimate developers for its memory-safety guarantees, and by malware authors because Rust binaries are harder to reverse-engineer and less well covered by existing detection tooling.
6. The malware exhibits evasive features, such as random sleep intervals, to avoid detection and analysis.
7. SysJoker collects information about the infected system, including Windows version, username, MAC address, etc., and sends it back to the C2.
8. There is a connection between the latest attacks using SysJoker and the 2016-2017 Electric Powder Operation attributed to Gaza Cybergang.
9. Check Point has provided indicators of compromise (IOCs) and hashes associated with the SysJoker attacks to help organizations identify potential targeting.
10. Endpoint protection and threat emulation tools can assist in securing potential victims against compromise.
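The last two points describe the practical response: take the published hashes and sweep endpoints for matching files. The following script, added here as an example and not Check Point's tooling or any part of SysJoker, shows the minimal version of that sweep: it parses a hash list (comments and case differences tolerated), computes SHA-256 over every regular file under a directory in chunks, and reports matches. The "IOC list" it uses is constructed inside the script from sample bytes it writes itself; it contains no real SysJoker hashes, which would have to be loaded from the published indicators for actual use.

```python
"""Hash-based IOC sweep (added example; not Check Point's tooling, not SysJoker code).

The IOC hashes in demo() are derived from sample bytes constructed in this
script, not real indicators. For a real sweep, feed load_ioc_hashes() the
published SHA-256 list instead.
"""

import hashlib
import os
import tempfile
from pathlib import Path
from typing import Dict, Iterable, Set


def sha256_of_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream the file through SHA-256 so large binaries do not get read into RAM at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def load_ioc_hashes(lines: Iterable[str]) -> Set[str]:
    """Parse an IOC list: one SHA-256 per line, '#' comments and blank lines ignored.

    Tokens are lower-cased so vendor lists published in upper-case still match,
    and anything that is not exactly 64 hex characters is dropped rather than
    silently producing a hash that can never match.
    """
    iocs: Set[str] = set()
    for line in lines:
        token = line.split("#", 1)[0].strip().lower()
        if len(token) == 64 and all(c in "0123456789abcdef" for c in token):
            iocs.add(token)
    return iocs


def sweep(root: Path, iocs: Set[str]) -> Dict[str, str]:
    """Return {path: sha256} for every regular file under root whose hash is in iocs."""
    hits: Dict[str, str] = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            # Skip symlinks and special files; a link's target is hashed where it really lives.
            if p.is_symlink() or not p.is_file():
                continue
            try:
                digest = sha256_of_file(p)
            except OSError:
                continue  # unreadable file: log it in a real sweep, keep going here
            if digest in iocs:
                hits[str(p)] = digest
    return hits


def demo() -> Dict[str, str]:
    """Build a scratch tree with one matching and two benign files, then sweep it.

    Returns {file name: hash} for the matches. Sample contents are constructed here.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "sub").mkdir()
        (root / "sub" / "svc.exe").write_bytes(b"CONSTRUCTED-SAMPLE-BAD-BYTES")
        (root / "readme.txt").write_bytes(b"benign text")
        (root / "sub" / "other.bin").write_bytes(b"also benign")
        # Constructed IOC list: the bad hash in upper-case, a comment, and a junk line.
        ioc_list = [
            "# constructed IOC list for this example",
            hashlib.sha256(b"CONSTRUCTED-SAMPLE-BAD-BYTES").hexdigest().upper(),
            "not-a-hash",
        ]
        hits = sweep(root, load_ioc_hashes(ioc_list))
        return {Path(path).name: digest for path, digest in hits.items()}


if __name__ == "__main__":
    for name, digest in demo().items():
        print(f"IOC match: {name} {digest}")
```

A hash match is high-confidence but brittle: any recompiled or repacked build of the backdoor gets a new hash, so this sweep finds only the exact samples that were published. Treat a clean result as "those specific files are absent", not as "SysJoker is absent", and pair it with the behavioural signals the article describes (outbound requests to OneDrive from unexpected processes, host-fingerprint collection) in endpoint telemetry.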
