CyberSecurity updates
Updated: 2024-11-21 18:46:26 Pacfic

samanthar@checkpoint.com @ Check Point Research
WIRTE Threat Actor Continues Middle East Operations - 8d

The WIRTE threat actor, previously associated with the Hamas-affiliated Gaza Cybergang, continues to be active in the Middle East despite the ongoing war in the region. The conflict has not disrupted their operations, and they are leveraging recent events in the region for espionage operations, likely targeting entities in the Palestinian Authority, Jordan, Iraq, Egypt, and Saudi Arabia. WIRTE has expanded its activities beyond espionage and is now conducting disruptive attacks. Research has identified links between custom malware used by the group and SameCoin, a wiper malware targeting Israeli entities in two waves in February and October 2024. The group’s operations are characterized by consistent patterns, including domain naming conventions, communication via HTML tags, responses limited to specific user agents, and redirection to legitimate websites. While their tools have evolved, these core aspects remain consistent, making them a persistent threat in the Middle East.


This site is an experimental news aggregator using feeds I personally follow. You can reach me at Bluesky if you have feedback or comments.