Mounting tensions in the Middle East have been exploited by Hamas-affiliated threat operation WIRTE — which had been linked to the Gaza Cyber Gang, also known as TA402 and Molerats — as it sought to broaden intrusions against organizations across Israel, according to The Hacker News.
After engaging in cyberespionage attacks that involved the distribution of RAR archive lures to deploy the IronWind downloader and Havoc post-exploitation framework, WIRTE proceeded to target numerous Israeli entities with the updated SameCoin Wiper malware in a phishing campaign impersonating an Israeli partner of cybersecurity firm ESET, a report from Check Point showed. Integrated within the new SameCoin Wiper variant was an encryption technique previously seen in a more recent iteration of the IronWind loader, researchers reported. "Despite ongoing conflict in the Middle East, the group has persisted with multiple campaigns, showcasing a versatile toolkit that includes wipers, backdoors, and phishing pages used for both espionage and sabotage," added researchers.
