Dozens of Israeli soldiers have had their smartphones hacked by the Hamas militant group posing as women seeking attention. This sort of honey-trap is not the first of its kind, comments Jens Monrad, Head of Intelligence of EMEA at FireEye, who references the Syrian conflict to highlight how this tactic is part of a wider trend.
The Hamas “honey-trap” is not the first of its kind when it comes to what appears to be a cyber espionage campaign. In 2015 we published a blog on an incident related to the Syrian conflict, which used a similar method. In this case, the threat group stole hundreds of documents, and around 31,107 logged Skype chat sessions that included discussions of tactical battle plans, strategies and personal information of the Syrian opposition’s attacks on Assad’s forces.
To undertake this operation, the threat group seduced its victims through conversations with seemingly sympathetic and attractive women. A female avatar would strike up a conversation on Skype and share a personal photo with her target. When the hacker’s photo arrived, it was, in fact, infected with malware tailored to seize control of the victim’s device, whether it was an Android phone or a computer. Once the target downloaded the malware, the threat group accessed his device, rifled through files and selected and stole data identifying opposition members, their Skype chat logs and contacts, and scores of documents that shed valuable insight into the opposition.
From an adversary perspective, it is all a matter of using the resources you have available. While you cannot compare Hamas’ maturity against more offensively capable nation-states, the fact that you are either less mature or potentially being boxed in by sanctions, as we see with Iran, forces the development of malware and campaigns to be more agile and creative when it comes to targeting victims. We saw this earlier in 2019 with what we assessed to be Iranian-nexus espionage actors utilising LinkedIn as a platform to try and lure victims into clicking on the links in private messages containing malware.
When it comes to gaining the upper hand in a conflict, being able to infiltrate and gather intelligence on your opposition is highly valuable because if you know your enemy’s next move, it’s enough to sweep the rug from beneath their feet. Organisations in general, and particularly organisations within military and defence, need to educate their staff on how to spot these honey-traps and understand the deception tactics to avoid clicking on suspicious documents, which can lead to disastrous consequences. These siren calls are well planned and executed so as not to arouse suspicion. In the case of the recent Hamas attack, the women had fully fleshed out social-media profiles, used Hebrew slang and had profiles across multiple platforms to keep up the ruse.