The campaign, called Operation Arid Viper, is a highly targeted attack on high-value Israeli targets that links back to attackers located in Gaza, Palestine, Trend Micro said. The campaign uses spear-phishing emails with an attachment containing malware disguised as a pornographic video. The attached malware exfiltrates a large cache of documents gathered from victims’ machines in a sort of “smash-and-grab” attack. The first related malware sample was seen in the middle of 2013.
Trend Micro has a working theory that there may be an overarching organisation or underground community that helps Arab hackers fight back against perceived enemies of Islam. It may do this by helping set up infrastructure, suggesting targets and so on.
The company predicts that there will be an increase of such “cyber militia activity” in the Arab world, where non-state actors fight against other organisations that would traditionally be considered enemies.
More details about Operation Arid Viper can be found here.