Anonymous #OpIsrael Participants Targeted with RATs by Unknown Threat Actor

[CrAKeN]

Anonymous members who wanted to participate in this year's annual #OpIsrael cyber-attacks were the targets of an intelligence gathering operation carried out by an unknown threat actor.

 

#OpIsrael is an annual campaign of the Anonymous hacker collective that takes place on April 7. The date was chosen in 2013, the first year when #OpIsrael took place.

 

Initially, the attackers wanted to attack Israel ahead of the local Holocaust Remembrance Day, which that year fell on April 8. Because Israel's National Holocaust Remembrance Day falls on a different day each year, between April 7 & May 7, attacks in subsequent years stuck to the April 7 date.

 

During this day each year, several Muslim-dominant Anonymous factions launch attacks against Israeli targets, such as defacements, DDoS attacks, or data leaks.

 

In most cases, these have been attacks against small targets, and rarely have hackers targeted government agencies. Most of the time, security experts called #OpIsrael a nuisance, rather than a threat, but the hatred between Israel and nearby Muslim countries ensured the campaign took place year after year, no matter how lame some of the attacks were.

 

Links spreading RATs found on Twitter

Just like each year, weeks before April 7, various Anonymous groups started promoting this year's #OpIsrael campaign on Twitter, Facebook, and YouTube.

 

Digging through the vast number of tweets, threat intelligence analysts from US cyber-security firm Digital Shadows found a Twitter account that was offering free DDoS tools for anyone willing to participate in the attacks.

 

The practice of creating special DDoS tools for a specific event isn't anything out of the ordinary, as Anonymous hackers did the same thing for the massive DDoS attacks against the Brazilian government during the Rio Olympics last summer.

 

Those tools weren't laced with malware, but the ones distributed in #OpIsrael are. For example, the tweet below urges users to download an Android app that would allow users to launch DDoS attacks from their phone against a target of the #OpIsrael campaign.

 

 

The link, obfuscated for obvious reasons, leads the user to a SendSpace page where they can download the malicious APK.

 

 

A VirusTotal scan of the app reveals its malicious payload, a Remote Access Trojan that was packed inside the app and which allows attackers to access the hacktivist's camera, SMS messages, microphone, browser, call logs, and physical location via GPS.

 

Similarly, the same Twitter account also tweeted download links to a similar tool for Windows users.

 

 

This link led to a legitimate site that appeared to have been compromised and used to host a similar malware-laced DDoS tool.

 

 

At the time of writing, the malware payload was removed from the website, so we couldn't get a copy of the tool. According to Digital Shadows experts, this Windows app contained a copy of Dark Comet, a powerful RAT that grants attackers full control over the victim's PC.

 

Who's behind the attacks?

Just like #OpIsrael is a campaign by Anonymous Muslim members, there is also #OpIslam, a similar operation carried out by Anonymous members of other religion groups.

 

It is safe to speculate that two parties are the main suspects behind the Twitter account spreading the RATs.

The first could be fellow Anonymous members participating in #OpIslam, and who want to sabotage the efforts of #OpIsrael attackers, and possibly reveal their real identities.

 

The second group could be Israeli intelligence services, who want to uncover the individuals who've been attacking Israeli businesses and individuals in the past years.

 

Past #OpIsrael campaigns

Last year, in 2016, the #OpIsrael campaign was fueled by pro-Palestine hacker groups, usually of Arab origin, such as Anonymous Arab, AnonGhost, AnonSec, and the Meca group.

 

In 2015, an Anonymous hacker named Mauritania Attacker, member of AnonGhost, donated the money the group stole in #OpIsrael attacks to multiple Palestinian charities.

 

In 2014, following the successful #OpIsrael DDoS attacks from 2013, several Israeli government departments opted to shut down their websites on their own terms instead of dealing with the DDoS attacks.

 

Attacks took place, but Israeli hackers fought back and exposed some of the attackers.

 

Source

[steven36]

Israeli Hackers Expose 'Anonymous' Members -2014

 

 

Quote

 

The anti-Israel hackers “are good at talking and small hacks, but we aren’t dealing here with the global Anonymous,” said the Israeli, explaining that “Anonymous Palestine” is primarily made up of small groups of Arab and other anti-Israel hackers who unilaterally decided to use the name “Anonymous.”

Most of the participants were found in Malaysia and Indonesia, with others in Portugal, the U.K., Italy, Finland, and Saudi Arabia, Israel's Channel 2 reported.

 

 

https://www.youtube.com/watch?v=WO5-yhLnmVg&feature=youtu.be

 

Quote

 

"One year ago [2013] you have declared war by starting the first OpIsrael. An operation that has failed miserably. Not only did you lie to your own followers about the outcome of the operation, but you have also made yourself an enemy which you cannot defeat. One year ago we took down your own website and the main site of OpIsrael. One year ago you have lost in a war that you yourself started. One year ago we have won … we are the Israeli Elite Force, and thou shall not mess with the

 

best."

 

http://www.businessinsider.com/opisrael-hackers-2014-4

Anonymous's 'Electronic Holocaust' Against Israel Falls Flat - 2015

http://www.newsweek.com/anonymous-electronic-holocaust-against-israel-has-limited-success-320176

Cyber War: Israelis Expose #OpIsrael Hackers -2016

https://cyware.com/news/cyber-war-israelis-expose-opisrael-hackers-28ec8d79

Just more fake Anonymous! more proof  the real Anonymous dont really exist any more since 2012 .

http://www.huffingtonpost.com/2013/08/21/anonymous-arrests-fbi_n_3780980.html