Palestinian Hackers Tricked Victims Into Installing iOS Spyware

Hacking activity in the Gaza Strip and West Bank has ramped up in recent years as rival Palestinian political parties spar with each other, the Israeli-Palestinian conflict continues, and Palestinian hackers increasingly establish themselves on the global stage. Now, Facebook has uncovered two digital espionage campaigns out of Palestine, active in 2019 and 2020, that exploited a range of devices and platforms, including unique spyware that targeted iOS.

The groups, which appear to be unconnected, seem to have been at cross-purposes. But both used social media platforms like Facebook as jumping off points to connect with targets and launch social engineering attacks to guide them toward phishing pages and other malicious websites.

The researchers link one set of attackers to Palestine’s Preventive Security Service, an intelligence group under the West Bank’s Fatah ruling party. In this campaign, the group primarily targeted the Palestinian territories and Syria, with some additional activity in Turkey, Iraq, Lebanon, and Libya. The hackers seemed largely focused on attacking human rights and anti-Fatah activists, journalists, and entities like the Iraqi military and Syrian opposition.

The other group, the longtime actor Arid Viper, which has been associated with Hamas, focused on targets within Palestine like Fatah political party members, government officials, security forces, and students. Arid Viper established an expansive attack infrastructure for its campaigns, including hundreds of websites that launched phishing attacks, hosted iOS and Android malware, or functioned as command and control servers for that malware.

click for source
click here
click here for info
click here for more
click here for more info
click here now
click here to find out more
click here to investigate
click here to read
click here!
click here.
click now
click over here
click over here now
click this
click this link
click this link here now
click this link now
click this over here now
click this site
click to find out more
click to investigate
click to read
clicking here
company website
consultant
content
continue
continue reading
continue reading this
continue reading this..
continued
conversational tone
cool training
Get the facts
Related Site
Recommended Reading
Recommended Site
describes it
description
dig this
directory
discover here
discover more
discover more here
discover this
discover this info here
do you agree
enquiry
experienced
explanation
extra resources
find
find more
find more info
find more information
find out here
find out here now
find out more
find out this here
for beginners
from this source
full article
full report
funny postget more
get more info
get more information
get redirected here
get the facts
go
go here
go now
go right here
go to the website
go to these guys
go to this site
go to this web-site
go to this website
go to website
go!!

“To disrupt both these operations, we took down their accounts, released malware hashes, blocked domains associated with their activity, and alerted people who we believe were targeted by these groups to help them secure their accounts,” Facebook’s head of cyberespionage investigations, Mike Dvilyanski, and director of threat disruption, David Agranovich, wrote in a blog post on Wednesday. “We shared information with our industry partners including the anti-virus community so they too can detect and stop this activity.”

Courtesy of Facebook

The Preventive Security Service–linked group was active on social media and used both fake and stolen accounts to create personas, often depicting young women. Some of the accounts claimed to support Hamas, Fatah, or other military groups and sometimes posed as activists or reporters with the goal of building relationships with targets and tricking them into downloading malware.

The group used both off-the-shelf malware and its own Android spyware masquerading as a secure chat app to target victims. The chat app collected call logs, location, contact information, SMS messages, and device metadata. It also sometimes included a keylogger. The attackers also used publicly available Android and Windows malware. And the researchers saw evidence that the attackers made a fake content management platform for Windows that targeted journalists who wanted to submit articles for publication. The app didn’t actually work, but came bundled with Windows malware.

Leave a Reply

Your email address will not be published. Required fields are marked *