Monday, December 18, 2023

Gaza Cybergang | Unified Front Targeting Hamas Opposition

The Gaza Cybergang, active since at least 2012, is a group known for its cyber activities primarily targeting Palestinian entities. In recent years, particularly over 2022 and 2023, the group has shown a sustained focus on these targets, and its operations show no significant changes in dynamics since the beginning of the Israel-Hamas war. The group has been consistently upgrading its malware arsenal, including the introduction of a backdoor named Pierogi++, first used in 2022 and still in use throughout 2023.

This backdoor represents an evolution in the group's capabilities, showcasing their ability to enhance their existing malware tools and create new implementations. The Gaza Cybergang's activities are characterized by the use of sophisticated tactics, techniques, and procedures (TTPs), and their ability to adapt and evolve their malware indicates a high level of technical expertise and resourcefulness.

The intertwined nature of the Gaza Cybergang's constituent sub-groups and their unified front in targeting opposition, particularly within the Palestinian context, suggest a complex and organized cyber operation. Their activities reflect a broader trend of state and quasi-state actors increasingly engaging in targeted cyber operations, which continue to pose significant challenges to cybersecurity efforts globally.

IoC

    DOMAIN


    SHA256


TAGS

gaza cybergang, pierogi, arid viper, wirte, barbwire, big bang, c2 server, israelhamas war, micropsia, delphi, stark, sharpstage, cybergang, pymicropsia, dropbook, lastconn, ta401, bigbang, prev sandman
