Researchers say Israel’s Civil Administration computer was infected with Xtreme RAT malware
Earlier this month hackers infiltrated the Israeli Ministry of Defence through an infected email attachment and took complete control of at least one machine, suggests research from Seculert.
According to Aviv Raff, CTO of the Israeli security company, the way the malware code was deployed hints at Palestinian involvement.
The exact reason behind the attack is unknown. Israeli authorities have refused to comment on the topic.
According to Raff, the attack was initiated on 15 January through a mass email that claimed to originate from the Shin Bet, Israel’s internal security service, and contain information about the death of former prime minister Ariel Sharon.
The attachment inside was infected with ‘Xtreme RAT’ malware, controlled from a server in the US. It had spread to a total of 15 machines, including one belonging to Israel’s Civil Administration – a government body that operates in the occupied West Bank and monitors Palestinian activity.
Raaf said only the Civil Administration’s public network was affected and that no classified communications were compromised. He told Reuters the tools and methods used in this attack were similar to those favoured by hackers linked to Palestine.
The attack came as Israel’s Prime Minister Benjamin Netanyahu was busy promoting the country’s technology and cyber security markets at the World Economic Forum in Davos, Switzerland.
“Gaining control of computer systems via an email attachment is so old school that it is akin to breaking into the NSA headquarters with a trebuchet,” commented Phil Barnett, VP of Global Accounts at Good Technology. “The success of this social engineering technique to infiltrate systems highlights the danger of human error within cyber security defences. It is critical that employee decisions and instincts are supported by cyber technologies that caution their movements without restricting workflows.
“The potential for malware infection is increasingly significant as more entry points and devices are connecting to networks. The mobility of the 21st century calls for a new era of cyber defences, but this incident reminds us that we can’t forget the old.”
Over the last few years, the Middle East has become a battleground for hackers serving various political interests. Iran had previously accused Israel of attacking its oil platforms, and it is understood that Stuxnet, the malware used to derail Iran’s nuclear programme, was made in collaboration between Israel and the US.
Netanyahu recently claimed Iran and its Palestinian and Lebanese allies are targeting critical Israeli infrastructure with “non-stop” cyber attacks.
Meanwhile, the Syrian Electronic Army is quickly making a name for itself thanks to highly visible attacks on technology and media companies.
How well do you know network security? Try our quiz and find out!