Gaza-Based Cyber Threat Actor ‘Storm-1133’ Strikes Israeli Energy and Defense Sectors, Microsoft Reveals

Oct 9, 2023 | News


In a recent revelation, Microsoft has unveiled a series of cyberattacks targeting Israeli private-sector entities in the energy, defense, and telecommunications sectors. The source of these attacks has been traced back to a threat actor based in Gaza, identified as ‘Storm-1133.’

According to Microsoft’s fourth annual Digital Defense Report, ‘Storm-1133’ appears to operate with the aim of advancing the interests of Hamas, the Sunni militant group that holds de facto governance in the Gaza Strip. Notably, the targets of these attacks extend beyond Israeli organizations, including entities loyal to Fatah, a Palestinian political party headquartered in the West Bank.

The modus operandi of this campaign involves a combination of social engineering tactics and the creation of fraudulent LinkedIn profiles, posing as Israeli human resources managers, project coordinators, and software developers. These profiles are used to initiate contact, send phishing messages, gather reconnaissance, and deliver malware to employees within Israeli organizations.

Additionally, Microsoft has observed ‘Storm-1133’ attempting to infiltrate third-party organizations with known affiliations to Israeli targets of interest. These intrusions are orchestrated to deploy backdoors, complemented by a configuration that allows the group to dynamically update their command-and-control (C2) infrastructure, hosted on Google Drive.


This dynamic approach to C2 infrastructure affords the threat actors a tactical advantage, enabling them to stay one step ahead of certain static network-based defenses.

This disclosure comes amid an escalation in the Israeli-Palestinian conflict, coinciding with a surge in malicious hacktivist activities, such as ‘Ghosts of Palestine.’ These operations aim to disrupt government websites and IT systems in Israel, the United States, and India.

The landscape of cyber threats continues to evolve, with nation-state actors shifting their focus from destructive attacks to long-term espionage campaigns. Notably, the United States, Ukraine, Israel, and South Korea have emerged as prominent targets in regions including Europe, the Middle East, North Africa, and the Asia-Pacific.

Microsoft’s report highlights the growing sophistication of Iranian and North Korean state actors in their cyber operations, bringing them closer to the capabilities of cyber giants like Russia and China. This evolution is evident in the recurrent use of custom tools and backdoors, such as ‘MischiefTut’ by ‘Mint Sandstorm’ (also known as ‘Charming Kitten’), facilitating persistence, evasion of detection, and credential theft.


Source: thehackernews.com
