Hacker group launching 'sophisticated' catfish operation against Israel officials

Hacker

9 April 2022; MEMO: A number of Israeli officials are being targeted in a catfishing campaign by a hacker group allegedly affiliated with the Palestinian resistance group Hamas, in what is reported to be the latest politically-motivated cyber espionage operation used against prominent targets in Israel.

According to new findings published by the Israeli cyber security firm Cybereason's Nocturnus Research Team this week, the advanced persistent threat (APT) group named AridViper – also known as APT-C-23, Desert Falcon, and Two-tailed Scorpion – subjected Israeli officials and individuals to a catfishing campaign it called 'Operation Bearded Barbie.'

Over the past six months, the campaign has reportedly targeted "carefully chosen" Israeli individuals and aims to compromise their computer and mobile devices, spy on their activities, and steal sensitive data from them.

APT-C-23 conducts its campaign by first watching the targets and collecting information on them, before creating fake social media profiles – mostly in the form of young women – and initiating contact to try to convince them to download infected messaging applications. That process is known as social engineering.

Often starting from the social media platform Facebook, the fake account attempts to move its conversation with the target onto WhatsApp. From there, they either try to get the target to install another messaging app that they assure is more "discreet" but is infected, or, according to Cybereason, they send the target a sexual video which contains malware.

When one of the malware variants used by APT-C-23 infect a target's device, it will maintain a presence by gaining access to all the device's capabilities – files, archives, images, videos, etc – and will also be able to extract data from it and spread itself to connected external drives.

In its report, Cybereason called the hacker group's capabilities and tools a "new level of sophistication" for Hamas, which innovates its methods to successfully target "Israeli individuals working for law enforcement, military, and emergency services."

The report stated that the group's "tight grip" on their targets throughout its campaign "shows a considerable step-up in APT-C-23 capabilities, with upgraded stealth, more sophisticated malware, and perfection of their social engineering techniques which involve offensive HUMINT [human intelligence] capabilities using a very active and well-groomed network of fake Facebook accounts that have been proven quite effective for the group."

Following a review of the report, Facebook has reportedly removed all of the fake accounts used by the hackers from the platform, according to the Israeli news site Haaretz.