Hackers have managed to penetrate computer networks associated with the Israeli military in an espionage campaign that skillfully packages existing attack software with trick emails, according to private security researchers.
The four-month-old effort, most likely by Arabic-speaking programmers, shows how the Middle East continues to be a hotbed for cyber espionage and how widely the ability to carry off such an attack has spread, the researchers said.
Waylon Grange, a researcher with security firm Blue Coat Systems Inc who discovered the campaign, said the vast majority of the software was cobbled together from widely available tools, such as the remote-access Trojan called Poison Ivy.
The hackers were likely working on a budget and had no need to spend much on tailored code, Grange said, adding that most of their work appears to have gone into so-called social engineering, or human trickery.
The hackers sent emails to various military addresses that purported to show breaking military news, or, in some cases, a clip featuring “Girls of the Israel Defense Forces.” Some of the emails included attachments that established “back doors” for future access by the hackers and modules that could download and run additional programs, according to Blue Coat.
Using standard obfuscation techniques, the software was able to avoid detection by most antivirus engines, Blue Coat said. At least some software lodged inside government computers, because Blue Coat detected it “beaconing,” or sending signals to the hackers that it was in place.
