A series of cyber attacks against Israel since mid-2013 appears to be coming from “Arab parties located in the Gaza Strip” and elsewhere, US security researchers say.
A research report by Trend Micro said the effort appears to be using “spear phishing” emails with an attachment disguised as a pornographic video.
When a user clicks on the attachment, it installs malware that allows for remote access of documents on the infected computer, the report said.
The researchers said in a report released Sunday that this highly targeted campaign dubbed “Arid Viper” is a sort of “smash-and-grab” first seen in the middle of 2013, and which uses network infrastructure located in Germany.
The security firm said those behind the scheme are using sophisticated methods with the goal of stealing sensitive data from Israeli-based organizations – government, transport, military and academia and one organization based in Kuwait.
A similar campaign which uses some of the same techniques and infrastructure has also been hitting targets in Egypt. This less sophisticated effort has been called Operation Advtravel by Trend Micro.
The researchers said both campaigns are hosted on the same servers in Germany and can be tied back to activity from Gaza.
“On one hand, we have a sophisticated targeted attack, and on the other a less skilled attack that has all the hallmarks of beginner hackers. So why would these groups be working together?” Trend Micro said in a blog post.
“Our working theory (and subject of continuing investigation) is that there may be an overarching organization or underground community that helps support Arab hackers fight back against perceived enemies of Islam. They may do this by helping set up infrastructures, suggest targets and so on.”
The report suggests there will be an increase of such “cyber militia” activity in the Arab world, where non-state actors fight against other organizations that would traditionally be considered enemies.