Digital allies of Hamas: how do Arab hackers help Palestine?

Carding 4 Carders

The report revealed possible links between Hamas and one of the oldest and most experienced hacker groups.

Recorded Future discovered possible signs of cooperation between the Palestinian organization Hamas and one of the longest-running Arabic-speaking hacker groups.

According to the Recorded Future report, Hamas allegedly reached out to operators outside of Gaza and "third parties" in order to keep a news site linked to its military wing, Al-Qassam, operational during the conflict with Israel.

A few days after the conflict broke out, the Telegram channel used by Hamas members and supporters announced the launch of an app linked to Al-Qassam. The app was released with the aim of spreading the message of Hamas.

Keeping a website or app running in Gaza is a daunting task. The airstrikes in Gaza damaged the region's Internet infrastructure and caused a power outage. In addition, the region is constantly being attacked by politically motivated hackers. Some providers may have refused to host sites linked to Hamas.

According to the researchers, Hamas is trying to circumvent this problem by sharing its infrastructure with those who can help maintain it. After the conflict started, the operators of the Al-Qassam site moved the site between different providers.

Analyzing the Hamas infrastructure, the researchers found suspicious redirects to the Al-Qassam site and the same Google Analytics code associated with the site's domain and about 90 other domains.

The researchers were able to identify the likely operators of two domain clusters. The first cluster used registration techniques similar to those of the TAG-63 hacker group (AridViper, APT-C-23), which is considered a state-backed cyber espionage group. TAG-63 is known for its actions against Arabic-speaking individuals in the Middle East. The group is believed to be acting on behalf of Hamas.

The second cluster of domains was presumably related to Iran and contained several subdomains with links to Iran, including Persian terms such as "director" and "comrade".

One of the pages linked to Iran was used to mimic the website of the World Organization Against Torture (OMCT). It was not possible to confirm whether this site was used by hackers for phishing or social engineering.

Iran maintains close ties to Hamas, and only the Quds Force (Al-Quds Brigades, AQB), an Iranian unit specializing in unconventional warfare and military intelligence, is known for supporting Hamas and other Palestinian hacker groups in cyberspace. Although there is not much evidence of cooperation between the two parties, this report provides an overview of how groups can help each other.
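The Google Analytics pivot mentioned above, where one tracking code ties a site to many other domains, can be sketched as follows. This is an added example, not code from the post or from the Recorded Future report; the domains, tracking IDs and HTML snippets are constructed, and the function names are hypothetical.

```python
import re

# Universal Analytics IDs are UA-<account>-<property>; every property under one
# account shares the account number, so the property suffix is dropped.
UA_RE = re.compile(r"\bUA-(\d{4,10})-\d{1,4}\b")
# GA4 measurement IDs are G- followed by an uppercase alphanumeric string.
GA4_RE = re.compile(r"\bG-[A-Z0-9]{8,12}\b")

def extract_ids(html):
    """Return the set of analytics identifiers found in a page body."""
    ids = {"UA-" + account for account in UA_RE.findall(html)}
    ids.update(GA4_RE.findall(html))
    return ids

def linked_domains(pages, seed):
    """Domains reachable from `seed` through chains of shared analytics IDs."""
    ids_of = {domain: extract_ids(html) for domain, html in pages.items()}
    seen, queue = {seed}, [seed]
    while queue:
        current = queue.pop()
        for other, ids in ids_of.items():
            if other not in seen and ids & ids_of[current]:
                seen.add(other)
                queue.append(other)
    return sorted(seen - {seed})

# Constructed sample data: page bodies as a crawler might have saved them.
PAGES = {
    "news-site.example": '<script>ga("create", "UA-55501234-1", "auto");</script>',
    "mirror-one.example": "<script>gtag('config', 'UA-55501234-3');</script>",
    "mirror-two.example": '<script src="https://www.googletagmanager.com/gtag/js?id=G-TESTAB12CD"></script>',
    "app-landing.example": "gtag('config', 'G-TESTAB12CD'); gtag('config', 'UA-55501234-7');",
    "unrelated.example": "gtag('config', 'UA-99900001-1');",
}

if __name__ == "__main__":
    for domain in linked_domains(PAGES, "news-site.example"):
        print(domain, sorted(extract_ids(PAGES[domain])))
```

A shared analytics ID is a lead rather than proof of common operation, because cloned page templates carry the original ID with them; it is normally weighed together with registration and hosting data.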
 