Seculert has been investigating an attack against Israel

Jan 28, 2014 08:06 GMT

Security researchers have observed a sophisticated cyber operation aimed at Israeli organizations, including a government agency. Palestinian hacktivists are said to be responsible for the attacks.

Hacktivists have often targeted Israel, though most of their operations can’t be considered a real success. However, it appears that at least one group is highly organized and sophisticated.

According to experts from Israeli IT security firm Seculert, the attack was identified on January 15, 2014. At least 15 devices have been compromised after being infected with a variant of Xtreme RAT.

Interestingly, one of the infected computers belongs to the Civil Administration of Judea and Samaria, an organization that’s part of the Coordinator of Government Activities in the Territories (COGAT), a unit of the Defense Ministry of Israel.

Seculert highlights the fact that the Civil Administration is an important target since it’s responsible for entry and work permits from the West Bank to Israel.

The attackers have mainly relied on spear phishing emails. One of the emails purported to come from the Shin Bet security service. Judging by the way the messages were written, experts have determined that the hackers are not native Hebrew speakers.

The files attached to these emails appear to be harmless PDF documents. However, when one of them is opened, Xtreme RAT is silently deployed. Once installed on a computer, the RAT starts communicating with a command and control server located in the United States.

The RAT gives the attackers complete control of the infected devices.

“This isn’t the first and it most definitely won’t be the last time we see Xtreme RAT used by cybercriminals, hacktivists or nation-states. In terms of this particular targeted attack, the nature of the compromised organizations could have implications outside cyberspace,” Seculert’s CTO Aviv Raff noted in a blog post.