New Hezbollah hacking operation was detected

Today’s news comes from the Czech Security Intelligence Service (BIS) that took down servers used by Hezbollah operatives to target and infect users around the globe with mobile malware.
Michal Koudelka, BIS Director declared “I can not comment on the details, but I can confirm that BIS has played a significant role in identifying and uncovering the hackers’ system. At first, we identified the victims and traced the attack to its source facilities and then proudly shut down Hezbollah servers.”

The servers were located in the Czech Republic and operated by Hezbollah, an Islamist political party and militant group based in Lebanon, which the US and NATO countries have labeled as a terrorist organization.
All the servers were used to sustain a malware distribution campaign that has been going on since the start of 2017.

Remember everything can be hacked. In order to stay away from any threats related to the cyber world, we recommend the install of antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire every year a specialized cybersecurity company that will run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests;

Hezbollah hackers first move was to create Facebook profiles of fake attractive women, and then reach out the designated targets. The main purpose of the operation lure the target in private discussions and then convince it to install a third-party instant messaging application to continue the conversation via the malware-infested app.
After running a malware analysis, experts found that the app was infected with a spyware which was used by Hezbollah operatives to retrieve content from the victim’s phone.

The malware was hosted on servers located in the Czech Republic, the EU, and the US. The victims were men located in the Middle East, Central and Eastern Europe.
This isn’t the first terrorist organization that is using this tactic. In January 2017, the Israeli Defence Force warned that Hamas (Palestine) agents were using Facebook profiles posing as women to trick soldiers into installing malware on their devices. Then Hamas agents used the app to set up meetings with Israeli soldiers and ambush, kidnap, or kill them.

In July 2018 Hamas agents used the same tactic again, hiding malware in dating and World Cup-themed Android apps. The good news is that in the same month Facebook and Twitter have removed a large number of Hezbollah and Hamas-operated accounts from their networks.
Keep in mind that our modern society is dependent on computers, mobile devices, and the use of the internet always stay safe and secured.
We would continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac in every device that you own, depending on which OS your machine is running, If you are a company we recommend to hire every year a specialized cybersecurity company that will run annual tests on your company’s network, tests like this include: penetration testing and ethical hacking.