In March the security researchers at Qihoo 360 have discovered a new cyber spionage campaign conducted by APT-C-23 hacking group (also known as Two-Tailed Scorpion). A few weeks later, experts from Palo Alto Networks and ClearSky published their reports on the investigation of APT-C-23 activities.
The hacking group uses Windows malware (Kasperagent and Micropsia) and Android malware (SecureUpdate and Vamp) for cyber attacks aimed primarily at Palestine. However, some victims of these viruses were also detected in Israel, Egypt and the United States.
Researchers at threat intelligence company ThreatConnect recently found tens of new Kasperagent samples that had been compiled in April and May.
These samples dropped various fake documents associated with the Palestinian Authority. The documents referenced subjects such as the assassination of Hamas military leader Mazen Fuqaha, and banning of the Palestinian political party Fatah from Gaza.
Kasperagent had mainly been used as a reconnaissance tool and downloader before, but some newer samples include additional opportunities that allow hackers to steal passwords from browsers, take screenshots, log keystrokes, execute arbitrary commands, and exfiltrate files.
An analysis of the command and control C&C server showed that the domain contacted by the malware was hosted on an IP address that stored 4 domains, including 2 registered by a freelance web developer from Gaza.
Researchers believe the attack may have been aimed at Israel, Hamas or the Fatah party, whose members include the prime minister and president of the Palestinian Authority.
The attacks were carried out shortly after Hamas created a parallel institution to run local ministries in Gaza, which caused further tension between Hamas and the Palestinian Authority, and just before the Palestinian Authority held elections in the West Bank.