According to a blog post by Intezer, Operation HamsaUpdate is a sophisticated campaign that puts Israeli infrastructure at risk by delivering wipers. The campaign was discovered after the Israel National Cyber Directorate released an urgent alert warning about a phishing campaign targeting Israeli customers using F5's network devices.

The campaign deploys a newly developed wiper malware that targets both Windows and Linux servers. The attackers send a convincingly written email in Hebrew and use sophisticated social engineering techniques to pressure victims into executing the harmful code residing on their servers. The final stage of the attack delivers a complex, multi-stage loader or a destructive wiper, each variant customized for either Linux or Windows environments.

The Hamsa Wiper campaign represents a highly targeted attack on Israeli infrastructure: the attackers used advanced social engineering techniques to deliver a multi-faceted malware package that ultimately wipes data across Windows and Linux servers. The Israel National Cyber Directorate has made public the Indicators of Compromise (IOCs) associated with this campaign, including variants of the wiper malware. During the analysis, researchers also discovered a second wiper, dubbed "Hatef," which is a Windows variant of the malware.
REFERENCES
- https://intezer.com/blog/research/stealth-wiper-israeli-infrastructure/
- https://otx.alienvault.com/pulse/6584316b9546f2e5af862d6f
TAGS
wiper, APT, hatef, hamsa, handala, israel