Contact Info

Atlas Cloud LLC 600 Cleveland Street Suite 348 Clearwater, FL 33755 USA

support@dedirock.com

Client Area
Recommended Services
Supported Scripts
WordPress
Hubspot
Joomla
Drupal
Wix
Shopify
Magento
Typeo3

A threat group linked to Hamas known as WIRTE has escalated its cyber operations from espionage to conducting disruptive attacks specifically targeting Israeli entities. This group’s activities are not confined to Israel; they have also affected the Palestinian Authority, Jordan, Iraq, Saudi Arabia, and Egypt, as highlighted by analysis from Check Point.

Despite the ongoing conflict, WIRTE continues its operations without interruption. Check Point reported that alongside espionage efforts, at least two distinct waves of disruptive attacks against Israel have occurred, leveraging the heightened tensions in the region for their malicious intents.

WIRTE, classified as a Middle Eastern advanced persistent threat (APT), has been active since at least August 2018. Its tactics, techniques, and procedures have linked it to the Gaza Cyber Gang—also known by other monikers such as the Molerats and TA402. Notably, this group is known for deploying various malware tools, including BarbWire and IronWind.

Check Point’s investigation indicates that the group’s activities remain robust despite the conflict’s escalation. They have notably used geopolitical instability to craft deceptive RAR archive files to execute malware, particularly utilizing the Havoc post-exploitation framework to gain deeper access to targeted systems.

In a series of recent campaigns, a phishing operation launched in October targeted several Israeli organizations, including healthcare facilities and local governments. Emails resembling communication from a trusted cybersecurity partner in Israel were sent, distributing a new version of the SameCoin Wiper malware, which is known for overwriting files with random data. This updated version additionally alters the victim’s system background to display imagery associated with the Al-Qassam Brigades, the military wing of Hamas.

The SameCoin malware itself was initially discovered earlier in 2024, advertised deceptively as a security update. Details show that the malicious software had its timestamps manipulated to coincide with the October 7 surprise offensive launched by Hamas.

Overall, the persistence and adaptability of WIRTE’s operational methods highlight their intent to conduct both espionage and disruptive activities simultaneously, utilizing a versatile toolkit that includes wipers, backdoors, and phishing strategies to exploit vulnerabilities in regional cybersecurity.


Welcome to DediRock, your trusted partner in high-performance hosting solutions. At DediRock, we specialize in providing dedicated servers, VPS hosting, and cloud services tailored to meet the unique needs of businesses and individuals alike. Our mission is to deliver reliable, scalable, and secure hosting solutions that empower our clients to achieve their digital goals. With a commitment to exceptional customer support, cutting-edge technology, and robust infrastructure, DediRock stands out as a leader in the hosting industry. Join us and experience the difference that dedicated service and unwavering reliability can make for your online presence. Launch our website.

Share this Post
0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x