Trend Micro on Monday published a research report on an ongoing malware campaign that targets Israeli victims, leveraging network infrastructure in Germany.
The campaign is strongly tied to Arab hackers in the Gaza Strip.
Trend Micro Inc. (TYO: 4704) is a global security software company founded in California, and headquartered in Tokyo, Japan.
According to the report, Trend Micro has uncovered two separate but heavily interconnected attack campaigns:
Operation Arid Viper is a focused attack on high-value Israeli targets that links back to hackers located in Gaza. The campaign involves using spear-phishing emails with an attachment containing malware disguised as a pornographic video.
The attached malware carries out data exfiltration routines for a large cache of documents gathered from the victims’ machines in a “smash-and-grab” attack. The first such malware specimen was observed in mid-2013.
Operation Advtravel is a more diffused attack on victims in Egypt. The campaign may not be as sophisticated as that of Operation Arid Viper. The attackers are located in Egypt.
However, according to Trend Micro, both campaigns are hosted on the same servers in Germany; the domains for both campaigns have been registered by the same individuals; and both campaigns can be traced to Gaza.
“Our working theory (and subject of continuing investigation) is that there may be an overarching organization or underground community that helps support Arab hackers fight back against perceived enemies of Islam. They may do this by helping set up infrastructures, suggest targets and so on,” reads the Trend Micro statement.
“We predict that there will be an increase of such ‘Cyber Militia activity’ in the Arab world, where non-state actors fight against other organizations that would traditionally be considered enemies.”