Israel-Palestine conflict : New feature of the conflict rides to success on malware attached NSFW videosThe attackTwo of a kindDirty road to success
Trend Micro has discovered this new wave of cyber attacks being carried out against the Israeli government, military network and research infrastructure which has taken the aid of NSFW videos. Trend Micros states that there are two separate but similar cyber attacks and both seemed to be interlinked as the trail leads back to Gaza based hackers.
The attack
Israel’s National Cyber Authority spokesperson states that the Israeli government hasn’t received any indications of “substantial” damage from these attacks however, these attacks seem to be targeting Israeli citizens. Three individuals have been identified as part of the attack and all three are working in Tech firms in Gaza. These individuals are also either listed as the buyers of the German domains (from where the attacks originated) or are involved in subsequent attacks launched against Egyptian targets from Gaza. Trend Micro describes how the attack works,
Two of a kind
The first one has been named Operation Arid Viper and involves spreading of malware via spam emails. This malware gathers data from compromised machines through what is known as a “smash-and-grab attack.” This attack is being carried out against high-level targets and makes use of NSFW content. The second campaign has been nicknamed Operation Advtravel. It is a low-level targeted attack affecting only a few hundreds in Egypt. It mainly infects personal laptops. Traces of its attackers have been found in Egypt. The similarities in the attacks is that they both are being hosted from a server based in Germany. Israel has blocked all digital communication from Gaza to avoid such attacks, but Germany isn’t blocked by Israel. Plus, the server is also registered under the same people who are detailed above. In comparison to the conventional APT-style attacks, Arid Viper appears much effective and serious whereas Advtravel seems to be slightly amateurish.
Dirty road to success
Israel is not unknown to such attacks, which is why the IP block is in place, yet, these attackers have managed to carry out the attack. The main reason is that the attacks are emanating from German servers, which are not blocked by Israel. Moreover, the use of NSFW content in the emails adds that much more honey to the click bait. The minute someone opens a NSFW content, his natural reaction will be to close the link and he will not think about it anymore. The employee won’t even report it if the email contains NSFW content for fear of shame. Both ways, this acts as a perfect foil for the Gazan hackers to complete their objective of exfiltrating data from Israeli cyber users.