
Hamas’ online infrastructure reveals ties to Iran APT, researchers say

An application disseminated by Hamas through the personal messaging app Telegram clued security investigators in to a crossover between the militant Palestinian group and cyber infrastructure linked to Iran, as well as links to a known hacker group.

According to a report from cybersecurity firm Recorded Future’s Insikt Group, the research group first identified the application — whose core functionality is currently unknown — on October 11, four days after Hamas’ bloody attacks against Israel began.

The application, posted to a Telegram channel, is designed to communicate with a website said to act as an outlet for the Al-Qassam Brigade, the military wing of Hamas. The actual addresses used by the application were varied, popping up in Panama, Lebanon, Ukraine and Russia, but the Insikt Group team was unable to get the app to function in sandbox testing, hypothesizing that its command-and-control servers had been taken down by DoS attacks.

A cluster of domains that shared a Google Analytics code was linked to other domains that, in turn, are associated with Hamas threat actors. Some of these domains, moreover, were linked via naming convention commonalities to an APT (advanced persistent threat) group known as TAG-63, AridViper, APT-C-23, or Desert Falcon, which the group now believes to have ties to Hamas.
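The kind of pivot described above, grouping domains that embed the same Google Analytics identifier, can be sketched as follows. This is an added example, not code from the Insikt Group report; the domains, tracking IDs and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Universal Analytics (UA-<account>-<property>) and GA4 (G-<id>) identifiers.
UA_RE = re.compile(r"\bUA-(\d{4,10})-\d{1,4}\b")
GA4_RE = re.compile(r"\bG-[A-Z0-9]{8,12}\b")

def tracking_keys(html):
    """Return pivot keys found in a page. UA IDs are reduced to the account
    part, since one account can own several properties (-1, -2, ...)."""
    keys = {"UA-" + account for account in UA_RE.findall(html)}
    keys |= set(GA4_RE.findall(html))
    return keys

def cluster_domains(pages):
    """Group domains connected, directly or transitively, by a shared key."""
    parent = {d: d for d in pages}

    def find(d):
        while parent[d] != d:
            parent[d] = parent[parent[d]]  # path halving
            d = parent[d]
        return d

    first_seen = {}
    for domain, html in pages.items():
        for key in tracking_keys(html):
            if key in first_seen:
                parent[find(domain)] = find(first_seen[key])
            else:
                first_seen[key] = domain

    groups = defaultdict(set)
    for d in pages:
        groups[find(d)].add(d)
    # Singletons carry no linkage information, so only report real clusters.
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

# Constructed sample pages (not real domains or tracking IDs).
SAMPLE_PAGES = {
    "news-a.example": "<script>ga('create', 'UA-1234567-1', 'auto');</script>",
    "news-b.example": "<script>ga('create','UA-1234567-3');gtag('config','G-ABCD123456');</script>",
    "app-c.example": "<script>gtag('config', 'G-ABCD123456');</script>",
    "other.example": "<script>ga('create', 'UA-7654321-1', 'auto');</script>",
}

if __name__ == "__main__":
    for cluster in cluster_domains(SAMPLE_PAGES):
        print(cluster)
```

A shared tracking ID is weak evidence on its own, because the ID travels with a page template when a site is cloned, so it is best corroborated with other signals such as the naming conventions the report also relied on.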


“The infrastructure overlaps that have been recognized between the Hamas utility and the cluster of domains we suspect are linked to TAG-63 tradecraft are notable,” the report said. “They depict not solely a potential slip in operational security but in addition possession of the infrastructure shared between teams. One potential speculation to clarify this statement is that TAG-63 shares infrastructure sources with the remainder of the Hamas group.”

Another domain linked to the Al-Qassam Brigade’s website in a similar way to TAG-63, according to the report, contained naming links suggesting Iranian involvement, including subdomains using the Farsi words for “attendant” or “comrade” and “director.”
