Hezbollah likely behind malware that attacked Israeli servers

Malware program codeBy JOSEPH FITSANAKIS | intelNews.org
A report by a major Israeli computer security firm claims that “a Lebanese entity”, possibly Hezbollah, was behind a cyberespionage operation that targeted companies connected to the Israeli military. In late March, Israeli computer security experts announced they had uncovered an extensive cyberespionage operation that targeted computers in Israel, and to a lesser extent in the United States, Britain, Turkey and Canada. The cyberespionage operation, dubbed VOLATILE CEDAR by Israeli computer security experts, was allegedly launched in 2012. It employed a sophisticated malicious software, also known as malware, codenamed EXPLOSIVE. One Israeli security expert, Yaniv Balmas, said the malware was not particularly sophisticated, but it was advanced enough to perform its mission undetected for over three years.

It is worth noting that, during the period of operation, the EXPLOSIVE malware kept surreptitiously updating itself with at least four different versions, which periodically supplemented the original malware code. Additionally, once the discovery of the malware was publicized in the media, security experts recorded several incoming messages sent to the installed malware asking it to self-destruct. These clues point to a level of programming and operational sophistication that exceeds those usually found in criminal cyberattacks.

According to Israeli computer security firm CheckPoint, there is little doubt that the source of the malware was in Lebanon, while a number of programming clues point to Lebanese Shiite group Hezbollah as “a major player” in the operation. In a report published this week, CheckPoint reveals that most of the Israeli targets infected with the malware belong to data-storage and communications firms that provide services to the Israel Defense Forces. According to one expert in the firm, the malware designers took great care to avoid “a frontal attack on the IDF network”, preferring instead to target private entities that are connected to the Israeli military. More specifically, the web shells used to control compromised servers after successful penetration attempts were of Iranian origin. Additionally, the initial command and control servers that handled EXPLOSIVE appear to belong to a Lebanese company.

The head of CheckPoint’s security and vulnerability research unit, Shahar Tal, told Ha’aretz newspaper: “We are not experts on international relations and do not pretend to analyze the geopolitical situation in Lebanon”. But these attacks originated from there, and were specifically designed to infiltrate “systems that are connected to the IDF”, he added.

Advertisements

4 Responses to Hezbollah likely behind malware that attacked Israeli servers

  1. raincoaster says:

    Reblogged this on The Cryptosphere and commented:
    Volatile Cedar has been known for some time, but this is the first time anyone has definitely (rather than “let’s pick the obvious group”) tied it to Hezbollah.

  2. Pingback: Hezbollah likely behind malware that attacked Israeli servers | cryptoFellows bitcoin monitor

  3. Pingback: Hezbollah likely behind malware that attacked Israeli servers

  4. Anonymous says:

    I have no reason not to believe this story other than i trust nothing that comes out of Israel.

We welcome informed comments and corrections. Send us yours using the form below.

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s