From Bar Refaeli to Gilad Shalit: How Gazan Hackers Are Targeting Israelis

A group of hackers from the Gaza strip have developed new software that grants access to computer systems of strategic Israeli companies and organizations.

Bar Refaeli
AP

The Molerats – a group of hackers from the Gaza Strip who have been targeting Israelis and Israeli websites since 2012 – have recently started using a piece of software that they developed themselves to spy on their targets, according to an Israeli cybersecurity company. Thus far, ClearSky Consulting and Intelligence Services reported that the Gazan hackers have been using off-the-shelf malware.

According to the report, this is the same group of hackers that was responsible for the now infamous Benny Gantz virus, which targeted several government officers in 2012 by using the name of the then-IDF chief of staff.

ClearSky experts believe that the group has also been targeting other countries in the Middle East, has links to Hamas and that at least some of its members reside in the Gaza Strip. According to ClearSky, the hackers have been focusing on Israeli military industries, embassies, journalists, banks and public bodies – as well as software developers.

In its report, ClearSky says that DustySky – the new home-made malware that the Molerats are using – is used as a keylogging phishing tool, which, if successfully deployed, would grant the hackers access to the computer systems of strategic companies and organizations. The malware is generally sent in large numbers of employees of certain organizations, but not necessary high-level officials.

The virus is sent to its intended targets inside emails with subject lines designed to entice the recipient to click. Among the subjects that the hackers have chosen are videos of Gilad Shalit during his five-year captivity by Hamas and news that supermodel Bar Refaeli is set to star in an Israeli espionage movie.

The malware is installed in the victim's computer once as attached file is opened and then it communicates with the organization's main control and command computers, sending sensitive information back to the hackers. The malware is programmed to search for certain keywords, including résumés (in English and Hebrew), passwords and files containing decryption keys.

ClearSky's Eyal Sela told Haaretz that the malware is not particularly sophisticated, "but it does possess some elements that allow it to avoid detection by anti-virus software." Indeed, Sela adds, the hackers themselves uploaded the virus to the Virus Total website, which examines suspect files using dozens of different anti-virus programs, none of which identified it as malware.