Hamas-Linked Hackers Targeted Israeli Engineers Ahead of Oct. 7 Massacre: Research *Centurion Insurance AFS*

A pro-Palestinian hacking group targeted Israeli software engineers as part of an attempt to dupe them into downloading malware weeks before the Oct. 7 massacre, according to findings from cybersecurity researchers at Alphabet Inc.’s Google.

The attack, dubbed Blackatom, was more elaborate than those typically used by Hamas-aligned hackers, according to a Google report published Wednesday. Targets were approached on LinkedIn and invited to download a malware-infected coding assignment via GitHub or Google Drive.

Hamas-linked hackers in September “posed as employees of a legitimate company” to lure Israel-based software engineers, promising freelance job opportunities, Kristen Dennesen, an analyst at Google’s Threat Analysis Group, said in a press conference.

In contrast with the Russian invasion of Ukraine, Google did not observe a significant increase in cyber operations from Hamas-linked groups against Israeli targets before Oct. 7. Google also said until now there’s been no evidence of a major cyber component to Hamas’s activities during the conflict. “We saw no indication that cyber activity was integrated into Hamas battlefield operations, or that cyber was used to enable kinetic events,” the report said.

The incident represents a relatively complex example of known cyber-espionage from Hamas-linked actors to occur in run-up to the war, which started with the Oct. 7 attacks that killed 1,200 people. About 28,000 people have been killed by Israel’s retaliatory air and ground attack on Gaza, according to health officials in the Hamas-run Palestinian territory. Hamas is designated a terrorist organization by the US and the European Union.

The conflict has resulted in some cyber-activity on both sides.

Days after the conflict began, unidentified cyber actors attempted to exploit Israel-based users’ need for real-time emergency alerts, distributing malicious apps that masqueraded as Israel’s “Red Alert” missile warning app. The fake app contained a backdoor that gathered data like contacts, messages and locations. In another case, a pro-Israeli hacker group claimed credit for an attack that shut down many gas stations in Iran in retaliation for that country’s support of proxy groups fighting Israel.

Google also warned of the use of cyber-espionage campaigns against Israeli targets coming from malware on Android phones, though the company said hacking isn’t a major component of Hamas’ fighting.

In the six months leading up to the October attacks, Iran was responsible for around 80% of all government-backed phishing activity targeting users in Israel, Google reported. The frequency of those attacks accelerated following the start of the conflict, said Sandra Joyce, vice president of threat intelligence at Mandiant, a unit of Google Cloud.

“After October, the tempo of the attacks is really what changed, along with more pro-Palestinian messaging and messaging that was designed to undermine Israeli leadership,” Joyce said.

Copyright 2024 Bloomberg.

Topics
Cyber