Introduction
Recent campaigns suggest Hamas-linked actors may be advancing their TTPs to include intricate social engineering lures specially crafted to appeal to a niche group of high-value targets. In September 2023, a Palestine-based group likely linked to Hamas targeted Israeli software engineers using an elaborate social engineering ruse that ultimately installed malware and stole cookies. The attackers, which Google's Threat Analysis Group (TAG) tracks as BLACKATOM, posed as employees of legitimate companies and reached out via LinkedIn to invite targets to apply for software development freelance opportunities. Targets included software engineers in the Israeli military, as well as Israel's aerospace and defense industry.
Activities and Tactics
Targeted Sectors: Military, Defense, Transportation
Country of Origin: Palestine
Risk Level: High
Incident Type: Espionage
Suspected Victims: Israel
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
Information pending cataloguing.
Notable Indicators of Compromise (IOCs)
No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.
Malware and Tools
- SPACESHIP
- BlackEnergy
- BLACKCOFFEE
- Blackshades
- BlackNix
- BlackHole
Attribution and Evidence
Country of Origin: Palestine
Additional attribution information pending cataloguing.
References
References pending cataloguing.