A series of Hamas-sponsored cyberattacks targeting officials in the Palestinian Authority was uncovered during the last several months by Cybereason, the Israeli security company reported on Thursday.
The Boston-based company revealed several cyber-warfare operations targeting organizations and individuals in the West Bank and the Gaza Strip – including PA officials – in a report from its Nocturnus Research Group titled "New Cyber Espionage Campaigns Targeting Palestinians."
According to Cybereason, having identified the targets, the Hamas unit would hack into the victims' mobile phones, gaining access to their microphones and cameras as well as files and information stored on the devices.
Cybereason says it monitored the attacks, discovering they were carried out in a similar way to previous attacks the unit committed against Israeli strategic assets. The unit, says the company, is a politically-motivated cell that has acted against various targets across the Middle East since 2012.
The cell reportedly used new malware called Pierogi first discovered in December 2019 by Cybereason, resembling patterns of action used in the past by MoleRATs.
The Israeli researchers discovered confirmation that Pierogi made use of the Ukrainian language, having reason to believe it was created by Ukrainian-speakers, falling into the hands of the pro-Hamas cyber cell through the dark web.
"These tools allow their users to spy on their victims and control their devices, leaking information, stealing content and files," says a source from Nocturnus Research Groups. "In the last years, we have been witnessing an increase in the level of abilities and overall sophistication among the cells operating in the Middle East."
The source added that the attacks carried out by the cells "are not yet as sophisticated as those sponsored by world powers, but it is clearly visible that there is learning and acquisition of advance cyberwarfare abilities."
Cybereason was founded by Lior Div (CEO), Yossi Naar (CVO) and Yonatan Shitrit Amit (CTO) in 2012. The company develops systems that gather information from all servers and stations in an organization, analyzing their behavior in real time.
Using that information, their product identifies malicious activity, revealing the timeline of the attempted cyberattack.
The company's clients include individuals, international banks and corporations, including ones included in Fortune 500. The company has raised $400 million from SoftBank, Lockheed Martin and other investors. The corporation's offices are located in Tel Aviv, Boston, London, Sydney, Tokyo and other cities.
According to the report, a Hamas cyber-warfare unit working under the names "The Gaza Cybergang" and "MoleRATs" targeted Palestinian officials using content related to US President Donald Trump's "Deal of the Century" and the assassination of IRGC Quds Force commander Qasem Soleimani, alongside other topics relating to the Israeli-Palestinian conflict.
In January, the US executed a drone strike near the Baghdad International Airport, killing ten people, including Soleimani as well as Abu Mahdi al-Muhandis, Iraq's pro-Iranian Popular Mobilization Forces (PMF) commander of Kata'ib Hezbollah (Hezbollah Brigades).
Following the attack, Iran launched 13 ballistic missiles toward US bases and assets in Iraq and later shot down a Ukrainian passenger plane over Tehran, saying it had been mistaken for an American cruise missile.
In late January, the Trump administration released its peace proposal for the Israeli-Palestinian conflict. The plan, which allows Israel to annex 30% of the West Bank, caused massive outrage in the Palestinian territories – although it is supported by numerous countries in the West as well as US allies in the Middle East.
Last week, several lone-wolf attacks targeting Israeli soldiers were carried out in the West Bank and Jerusalem within less than 15 hours, with over a dozen casualties, after four Palestinians were shot by the IDF during the riots that followed the release of Trump's deal. The IDF reinforced its troops in the West Bank and Jerusalem after the attacks.
Hamas has criticized the Palestinian Authority for not terminating its security coordination with the Israeli security forces following the death of the rioters, accusing the PLO-ruled government of collaborating with Israel.
In June 2007, Hamas militants overthrew the PA's rule over the Gaza Strip after the authority carried out mass arrests of Hamas members in order to prevent the organization from launching rockets toward the southern city of Sderot.