Gaza Cybergang makes a comeback after five months

Jun 10, 2016 03:15 GMT

A cyber-espionage group known as the Gaza Cybergang, the Gaza Hackers Team or Molerats resumed operations in April 2016, after previously shutting down all activities when security firm ClearSky discovered its presence in January 2016.

The Gaza Cybergang has been around since 2012 when various security firms first detected its operations. Since then, the group has been extremely active, developing custom malware and launching intensive campaigns such as DownExecute, XtremeRAT, MoleRAT, or DustSky (NeD Worm).

The last of these operations happened at the start of the year and was discovered by Israeli security firm ClearSky. Called Operation DustSky, the group focused on targets in Israel, Egypt, Saudi Arabia, United Arab Emirates and Iraq, using an aggressive, but quite randomly aimed spear-phishing campaign, and a .NET-based malware named DustSky (NeD Worm).

DustSky operation resumed after 20 days

Following up on its previous discovery, ClearSky researchers revealed that as soon as its first DustSky report was released, the group behind this campaign stopped all activity.

Furthermore, at least one of the individuals behind these spear-phishing operations tried to get in contact with the security firm and discover what the researchers knew about the group.

This period of inactivity didn't last long, ClearSky says, and the Gaza Cybergang resumed activities against Middle East targets (except Israel) after 20 days.

Israel didn't escape the group's new wave of hacking for long, though, and by the beginning of April 2016, the group had renewed attacks against Israeli targets as well.

DustSky malware rewritten in C++

As the security firm explains, the reason behind this period of inactivity may have been that the group rewrote its malware in C++.

Additionally, to evade the security firm's prying eyes, the group also switched targets, going after people in Israel, the United States, Egypt, Saudi Arabia, the United Arab Emirates and the Palestinian Authority.

Some of these targets include various banks in Israel and UAE, the Ministries of Foreign Affairs for Saudi Arabia and UAE, a former UK politician, an EC diplomat, an employee at the US Department of State, an individual at the prime minister's office at the Palestinian Authority, and several diplomats and ambassadors.

The group went after more than 150 different targets, and sent three-fifths of its phishing emails to private email addresses (Gmail, Yahoo, Hotmail) rather than to work or government addresses.

This time around, ClearSky says the group left more clues following this recent campaign, and the company is now able to "estimate with medium-high certainty that the Hamas terrorist organization is behind these attacks."

ClearSky provides a possible identity of one of the Gaza Cybergang members in its Operation DustSky - Part 2 report.