The cyberespionage group “Gaza Cybergang” resuming operations in April 2016 after shutting down activities following the ClearSky's discovery of the gang's presence in January 2016, researchers said.
Researchers believe the Hamas terrorist organization is behind the attacks and said the gang has now set its sights on governmental and diplomatic institutions in Israel, the United States, Egypt, Saudi Arabia, United Arab Emirates and the Palestinian Authority, according to ClearSky's Operation DustySky Part 2 report.
In some of the new attacks, the gang sent phishing emails containing malicious attachments. Some of the files contained macros and in all cases the attackers relied on social engineering tactics to lure victims into opening the files containing malware, researchers said.
Once a victim is infected, the malware scans their computer for files containing information on homeland security, military issues, personal documents, credentials, certificates and private keys.