Subscribe to the InfoTech eNewsletter

infoTECH News

TMCNet:  Study Shows Israel and Palestinian Territories under Cyber Attack from Same Source for More Than One Year

[November 12, 2012]

Study Shows Israel and Palestinian Territories under Cyber Attack from Same Source for More Than One Year

Nov 12, 2012 (M2 PRESSWIRE via COMTEX) -- An in depth analysis of millions of malware samples dating back to October 2011, has revealed that many of the recent attempts by the Israel government to prevent Trojan injections into sensitive police, ministry and embassy computers, may have been too late. According to Norman AS, a leading malware analysis firm with offices in Oslo, Norway and San Diego, California, multiple malware attacks against Israeli and Palestinian targets have been going on for at least a year--first focused on Palestinian, then Israel. A few weeks ago, Israeli law enforcement discovered messages wrongly identified as coming from Israeli Defense Force Chief of Staff Benny Gantz. This was their first notice of a possible attack. Similar messages had also gone out to Israeli embassies around the world. When unsuspecting recipients opened the email, they found an archive attached containing a surveillance tool camouflaged as a document. When opened, hackers could steal information and remotely take control of the computer.

In an attempt to discover if this was an isolated incident or something more significant, Norman researchers ran samples from Norman's large database of known malware through the company's malware analyzer. It appears that the attacks were performed by the same attacker, as the malware in question communicate with the same command-and-control structures, and in many cases are signed using the same digital certificate. While unknown at this point, the purpose is assumed to be espionage and surveillance.

Norman AS Vice President Einar Oftedal, is available to provide additional details and commentary on this news and Norman's analysis.

The hackers first directed malware network traffic to command and control servers in the Gaza Strip, and then to hosting companies in the U.S. and U.K. according to the investigation.

"The attacker is still unknown to us" commented Oftedal. "There are several possible alternatives based on the various power blocks in the region. One thing is for certain, with off-the-shelf malware available to anyone, the cost of mounting such an operation is low enough that anyone could be behind it." The malware used was in most cases shown to be XtremeRat, a commercially-available surveillance and remote administration tool.

Contact Information: Gary Thompson, 925.768.2400 Tim Johnson, 415.385.9537 ((M2 Communications disclaims all liability for information provided within M2 PressWIRE. Data supplied by named party/parties. Further information on M2 PressWIRE can be obtained at on the world wide web. Inquiries to

[ InfoTech Spotlight's Homepage ]

blog comments powered by Disqus


Subscribe to InfoTECH Spotlight eNews

InfoTECH Spotlight eNews delivers the latest news impacting technology in the IT industry each week. Sign up to receive FREE breaking news today!
FREE eNewsletter

infoTECH Whitepapers