Hackers potentially linked to the Palestinian militant group Hamas have targeted Israeli critical industry sectors with an updated version of the SysJoker backdoor malware. This new iteration of SysJoker, which was initially used against Israel’s educational institutions in 2021, marks a significant evolution in its capabilities and poses a heightened threat.
The Evolution of SysJoker
Originally, SysJoker was designed to target Windows, macOS, and Linux systems. However, the latest version, discovered in October, is written in the Rust programming language instead of C++. This shift to Rust is believed to be a strategic move to complicate analysis efforts. Cybersecurity firm Intezer, which conducted an in-depth analysis of the malware, noted that this change might also simplify multi-platform targeting. Both Intezer and Check Point, another cybersecurity firm, observed that the new version’s appearance coincided with the war between Israel and Hamas.
Attribution and Connection to Hamas
While Intezer attributed the malware to a “previously unidentified” advanced persistent threat (APT) group, named WildCard, Check Point’s report suggests a connection between the updated SysJoker malware and Hamas. This connection is further supported by the presence of Arabic words in the malware code and links to the threat actor Gaza Cybergang, known for targeting the Israel Electric Company in 2016-17.
SysJoker’s Capabilities and Targets
The new backdoor variant of SysJoker is believed to have been recently used against critical sectors in Israel, such as education, IT infrastructure, and possibly electric power generation. The malware disguises itself as legitimate software, likely delivered through phishing emails. Once inside a system, SysJoker collects information about the infected computer, including the Windows version, username, and other data. It also has the capability to download and execute new malware on victim devices.
Operational Tempo and Future Threats
Researchers believe that this threat actor will likely increase its operational tempo to match the current conflict with Israel. The malware’s ability to infiltrate and potentially disrupt critical systems poses a serious risk to national security and critical infrastructure.
Conclusion: A Call for Vigilance and Enhanced Cybersecurity Measures
The emergence of this updated version of SysJoker malware underscores the ever-evolving nature of cyber threats and the importance of robust cybersecurity measures. As the digital landscape continues to be a key battleground, the need for advanced threat detection and response capabilities becomes increasingly crucial. Israel, being at the forefront of this renewed cyber threat, must remain vigilant and proactive in its cybersecurity efforts to counteract these sophisticated attacks. The situation also serves as a reminder to the global community about the importance of international cooperation in cybersecurity to address and mitigate such transnational cyber threats effectively.