Home > News > Wiper Malware Alert: Threat Escalates! 🚨💻

Wiper Malware Alert: Threat Escalates! 🚨💻

: wiper malware alert: threat escalates! 🚨💻

Overview: Pro-Hamas Hacktivists Use Wiper Malware to Target Israeli Entities

A pro-Hamas hacktivist group has been observed using a new Linux-based wiper malware dubbed BiBi-Linux Wiper to target Israeli entities amidst the ongoing Israeli-Hamas war. The malware is an x64 ELF executable, lacking obfuscation or protective measures. This allows attackers to specify target folders and can potentially destroy an entire operating system if run with root permissions. Some of its other capabilities include multithreading to corrupt files concurrently to enhance its speed and reach, overwriting files, renaming them with an extension containing the hard-coded string “BiBi,” and excluding certain file types from being corrupted.

The malware is coded in C/C++ and carries a file size of 1.2 MB, allowing the threat actor to specify target folders via command-line parameters, with the default option being the root directory (“/”) if no path is provided. However, performing the action at this level requires root permissions. During execution, the malware uses the nohup command to run unimpeded in the background. Some of the file types that are skipped from being overwritten are those with the extensions .out or .so.

The cybersecurity company, Security Joes, noted that while the string ‘bibi' (in the filename) may appear random, it holds significant meaning when mixed with topics such as politics in the Middle East, as it is a common nickname used for the Israeli Prime Minister, Benjamin Netanyahu. The development comes as Sekoia revealed that the suspected Hamas-affiliated threat actor known as Arid Viper is likely organized as two sub-groups, with each cluster focused on cyber espionage activities against Israel and Palestine, respectively.

Arid Viper targets individuals using social engineering and phishing attacks as initial intrusion vectors to deploy a wide variety of custom malware to spy on its victims. This comprises Micropsia, PyMicropsia, Arid Gopher, and BarbWire, and a new undocumented backdoor called Rusty Viper that's written in Rust. Attack chains orchestrated by the group include stealing saved browser credentials, recording audio with the microphone, detecting inserted flash drives, and exfiltrating files from them.

Security researchers from SentinelOne found that the Arid Viper group is targeting pre-selected Palestinian and Israeli high-profile targets, as well as broader groups, typically from critical sectors such as defense and government organizations, law enforcement, and political parties or movements. The group is also responsible for the development of a new wiper malware dubbed Bibi-Windows Wiper, which is capable of data destruction on end-user machines and application servers.

The conflict between Israel and Hamas has led to a surge in cyberattacks, including distributed denial-of-service (DDoS) attacks and defacements of government websites. The Israeli government has accused Hamas of using the internet to coordinate and plan its armed conflict against Israel. Check Point Software has identified a pro-Hamas hacktivist group that has been targeting Israeli organizations using a variety of cyberattacks, including phishing attacks and the deployment of custom malware.

illustrate a secondary feature image for the article on 'wiper malware', focusing on the aftermath of a malware attack. the scene should depict a digital environment turned chaotic, with files and folders disintegrating or vanishing, symbolizing data destruction. include visual metaphors such as shattered screens, disappearing digital information, and a background filled with chaotic code and cybersecurity warning symbols. the color palette should remain dark and foreboding, with splashes of red to signify danger and loss. this image seeks to visually convey the irreversible damage caused by wiper malware to digital infrastructure and data.

Frequently Asked Questions

What are the characteristics of the wiper malware used against Israeli targets?

The wiper malware used by pro-Hamas hacktivists against Israeli targets is called BiBi-Linux Wiper. This malware is a Linux-based x64 ELF executable that lacks obfuscation or protective measures. It allows attackers to specify target folders and can potentially destroy an entire system. The malware is designed to wipe out the data on the infected system, making it unusable.

How are Israeli entities responding to the cyber threats posed by pro-Hamas hackers?

Israeli entities are responding to the cyber threats posed by pro-Hamas hackers by increasing their cybersecurity measures. They are using advanced security tools and technologies to detect and prevent cyber-attacks. The Israeli government has also launched a national cybersecurity program to enhance the country's cybersecurity capabilities.

What Advanced Persistent Threat (APT) groups are believed to be associated with Hamas?

Hamas is believed to be associated with several Advanced Persistent Threat (APT) groups, including the Gaza Cybergang, Molerats, and Desert Falcons. These groups have been responsible for several cyber-attacks against Israeli targets, including government agencies and private companies.

What measures can Israeli organizations take to protect themselves from wiper malware attacks?

Israeli organizations can take several measures to protect themselves from wiper malware attacks. These include:
Regularly updating their security software and operating systems
Implementing access controls and limiting user privileges
Conducting regular security audits and penetration testing
Backing up critical data and storing it in a secure location
Educating employees about cyber threats and best practices for cybersecurity

How does BiBi Linux relate to the cyber activities of pro-Hamas hacktivists?

BiBi Linux is a Linux distribution that is popular among pro-Palestinian hacktivists, including those affiliated with Hamas. The BiBi-Linux Wiper malware used in the recent cyber-attacks against Israeli targets is based on this distribution. The use of BiBi Linux by pro-Hamas hacktivists highlights the importance of understanding the tools and technologies used by cybercriminals.

What impact have the pro-Hamas cyber attacks had on Israeli cybersecurity strategy?

The pro-Hamas cyber attacks have had a significant impact on Israeli cybersecurity strategy. The attacks have highlighted the need for increased cybersecurity measures and the development of new technologies to detect and prevent cyber-attacks. The Israeli government has also increased its investment in cybersecurity and launched several initiatives to enhance the country's cybersecurity capabilities.


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.