Unveiling SysJoker's Next Act: Rust Variant Emerges in Cyber Espionage Amidst Middle East Tensions

Cybersecurity researchers have uncovered a Rust version of the cross-platform SysJoker backdoor, which is being used by a threat actor with alleged ties to Hamas. The malicious activity has been observed amid the ongoing conflict in the region.

According to an analysis by Check Point, the Rust variant of SysJoker reveals a significant overhaul of the malware, with a complete rewrite of the code while maintaining similar functionalities. Notably, the threat actor has transitioned from using Google Drive to OneDrive for storing dynamic command-and-control server (C2) URLs.

"Being cross-platform allows the malware authors to gain an advantage of wide infection on all major platforms," VMware stated last year. "SysJoker has the ability to execute commands remotely as well as download and execute new malware on victim machines."

The Rust variant introduces random sleep intervals during execution stages, indicating an effort to evade sandboxes and enhance the malware's stealth capabilities. The use of OneDrive to retrieve encrypted and encoded C2 server addresses allows attackers to easily change the C2 address, staying ahead of reputation-based services.

Check Point's analysis also brought to light two previously unseen SysJoker samples designed for Windows. These samples exhibit increased complexity, with one employing a multi-stage execution process to launch the malware on compromised hosts.

Although SysJoker has not been officially attributed to any specific threat actor or group, evidence suggests potential links to Operation Electric Powder. This operation targeted Israeli organizations between April 2016 and February 2017 and was previously associated with a Hamas-affiliated threat actor known as Molerats (aka Extreme Jackal, Gaza Cyber Gang, and TA402).

"Both campaigns used API-themed URLs and implemented script commands in a similar fashion," Check Point noted, raising the possibility that "the same actor is responsible for both attacks, despite the large time gap between the operations."

The discovery underscores how threat actors keep adapting their malware to stay effective, in this case by rewriting it in a new language and moving its C2 lookup to a different cloud service. As the situation unfolds, vigilance and proactive security measures remain crucial to defend against such threats.
