The Cyber Security News
Pro-Hamas Hacktivists Targeting Israeli Entities with Wiper Malware

October 30, 2023

A pro-Hamas hacktivist group has been observed using a new Linux-based wiper malware dubbed BiBi-Linux Wiper, targeting Israeli entities amid the ongoing Israel-Hamas war.

“This malware is an x64 ELF executable, lacking obfuscation or protective measures,” Security Joes said in a new report published today. “It allows attackers to specify target folders and can potentially destroy an entire operating system if run with root permissions.”

Some of its other capabilities include multithreading to corrupt files concurrently to increase its speed and reach, overwriting files, renaming them with an extension containing the hard-coded string “BiBi” (in the format “[RANDOM_NAME].BiBi[NUMBER]”), and excluding certain file types from being corrupted.


“While the string “bibi” (in the filename) may appear random, it holds significant meaning when mixed with topics such as politics in the Middle East, as it is a common nickname used for the Israeli Prime Minister, Benjamin Netanyahu,” the cybersecurity company added.

The destructive malware, coded in C/C++ and carrying a file size of 1.2 MB, allows the threat actor to specify target folders via command-line parameters, by default opting for the root directory (“/”) if no path is provided. However, performing the action at this level requires root permissions.

Another noteworthy aspect of BiBi-Linux Wiper is its use of the nohup command during execution so as to run it unimpeded in the background. Some of the file types that are skipped from being overwritten are those with the extensions .out or .so.

“This is because the threat relies on files such as bibi-linux.out and nohup.out for its operation, along with shared libraries essential to the Unix/Linux OS (.so files),” the company said.
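The rename scheme and the skipped extensions described above give a responder a cheap way to scope an incident: list the filesystem and flag names of the form “[RANDOM_NAME].BiBi[NUMBER]”, then count hits per directory to see which trees were touched. The script below is an added example and is not code from the article or from Security Joes; the rename pattern and the .out/.so exclusions are taken from the article, while the file listing, the function names and the assumption that the random name can be any non-empty string are constructed here.

```python
"""
Added example (not from the article or Security Joes): a triage helper that flags
files renamed in the "[RANDOM_NAME].BiBi[NUMBER]" form the article attributes to
BiBi-Linux Wiper and summarizes the hit count per directory. The rename pattern and
the skipped extensions (.out, .so) come from the article; the sample listing and
all function names are constructed for this example.
"""
import os
import re
from collections import Counter

# Pattern from the article: "<random name>.BiBi<number>". The random-name alphabet
# is not stated, so any non-empty basename is accepted (assumption).
BIBI_RENAME = re.compile(r"^.+\.BiBi\d+$")

# Extensions the article says the wiper leaves untouched.
WIPER_SKIPPED_EXTENSIONS = (".out", ".so")


def is_bibi_renamed(path: str) -> bool:
    """True if the file's basename matches the wiper's rename scheme."""
    return BIBI_RENAME.match(os.path.basename(path)) is not None


def would_wiper_skip(path: str) -> bool:
    """True if the file carries an extension the article says the wiper skips.

    Useful when reviewing a tree: intact .out/.so files next to renamed files are
    consistent with this wiper rather than evidence that it never ran there.
    """
    return path.lower().endswith(WIPER_SKIPPED_EXTENSIONS)


def triage_paths(paths):
    """Return (hits, per_dir_counts) for an iterable of file paths.

    hits: paths matching the rename scheme, in input order.
    per_dir_counts: Counter of hits keyed by parent directory, so a responder can
    see which trees were touched.
    """
    hits = [p for p in paths if is_bibi_renamed(p)]
    per_dir = Counter(os.path.dirname(p) for p in hits)
    return hits, per_dir


def scan_tree(root: str):
    """Walk a real directory tree and run the same triage over it."""
    found = []
    for dirpath, _dirnames, filenames in os.walk(root):
        found.extend(os.path.join(dirpath, f) for f in filenames)
    return triage_paths(found)


# Constructed sample listing (not real indicators): wiped-looking names mixed with
# files the wiper would have skipped and ordinary untouched files.
SAMPLE_LISTING = [
    "/srv/data/q3wE9x.BiBi1",
    "/srv/data/Zp0k.BiBi27",
    "/srv/data/report.pdf",
    "/srv/data/notes.BiBi",          # no trailing number: not a match
    "/home/app/lib/libcrypto.so",    # .so is skipped by the wiper
    "/home/app/bibi-linux.out",      # .out is skipped by the wiper
    "/home/app/config/a1B2.BiBi3",
]

if __name__ == "__main__":
    sample_hits, sample_per_dir = triage_paths(SAMPLE_LISTING)
    for hit in sample_hits:
        print("suspect:", hit)
    for directory, count in sample_per_dir.items():
        print(f"{directory}: {count} renamed file(s)")
```

Run it as-is to see the constructed listing triaged, or call scan_tree("/mnt/evidence") against a mounted image; the per-directory counter is the part worth keeping in an incident timeline, since it shows how far a run with a given target folder got before it was stopped.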

The development comes as Sekoia revealed that the suspected Hamas-affiliated threat actor known as Arid Viper (aka APT-C-23, Desert Falcon, Gaza Cyber Gang, and Molerats) is likely organized as two sub-groups, with each cluster focused on cyber espionage activities against Israel and Palestine, respectively.

“Targeting individuals is a common practice of Arid Viper,” SentinelOne researchers Tom Hegel and Aleksandar Milenkoski said in an analysis published last week.


“This includes pre-selected Palestinian and Israeli high-profile targets as well as broader groups, typically from critical sectors such as defense and government organizations, law enforcement, and political parties or movements.”

Attack chains orchestrated by the group involve social engineering and phishing attacks as initial intrusion vectors to deploy a wide range of custom malware to spy on its victims. This comprises Micropsia, PyMicropsia, Arid Gopher, and BarbWire, and a new undocumented backdoor known as Rusty Viper, which is written in Rust.

“Collectively, Arid Viper’s arsenal provides diverse spying capabilities such as recording audio with the microphone, detecting inserted flash drives and exfiltrating files from them, and stealing saved browser credentials, to name just a few,” ESET noted earlier this month.

Some elements of this article are sourced from:
thehackernews.com
