Molerats

Threat Actor Profile Updated 25 days ago
Molerats, also known as Gaza Cybergang Group1, is a threat actor linked to Hamas that has been active for over a decade. This low-budget group has been tracked by researchers under various names, including Molerats, Gaza Cybergang, Frankenstein, WIRTE, and Proofpoint’s TA402 designation. Among 16 Advanced Persistent Threat (APT) actors identified, Molerats was one of three groups connected to Hamas, with the others linked to Iran and China. The group's activities have predominantly targeted organizations in Saudi Arabia, the United Arab Emirates, and Israel.

The Molerats group has been associated with several significant cyber-attacks, including the Electric Powder attacks and Operation Electric Powder, both of which targeted Israeli organizations. It is speculated that Molerats was behind these attacks due to the group's seasoned and effective hacking operations. Additionally, despite an absence of activity from other Hamas-connected cyber threat actors like Extreme Jackal and Renegade Jackal following the Oct. 7 terrorist attack in Israel, Molerats continued its operations unabated.

Recently, Molerats has been implicated in attacks against Israeli targets using a Rust-based version of SysJoker, a multi-platform backdoor first discovered by Intezer in 2021. Researchers from Check Point revealed this in a blog post, further highlighting the persistent and evolving threat the group poses. The group has also reportedly used an improved downloader as part of its initial access operations, demonstrating its ability to adapt and enhance its malicious capabilities.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Gaza Cybergang | 5 | The Gaza Cybergang, a threat actor suspected to be affiliated with the Palestinian militant group Hamas, has been involved in various cyber espionage campaigns targeting both Palestinian and Israeli entities since 2012. The group is known for its use of sophisticated malware, including variants of S
TA402 | 2 | TA402, also known as Molerats, Gaza Cybergang, Frankenstein, and WIRTE, is a persistent and innovative threat actor that has been tracked by researchers for over a decade. The group is renowned for its cyber espionage activities, which include highly targeted phishing campaigns and the deployment of
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Phishing
Backdoor
Malware
APT
Associated Malware
ID | Type | Votes | Profile Description
Sysjoker | Unspecified | 2 | SysJoker is a malicious software (malware) that has recently come to the forefront of cybersecurity concerns. Developed using the Rust programming language, this backdoor malware is known for its ability to exploit and damage computer systems. It infiltrates systems through suspicious downloads, ema
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Molerats Threat Actor was read from the documents corpus below.
Source | Created At | Title
MITRE | a year ago | Hacking group’s new malware abuses Google and Facebook services
DARKReading | 6 months ago | Molerats Group Wields Custom Cybertool to Steal Secrets in the Middle East
CERT-EU | 6 months ago | Pro-Palestinian hacking group evolves tactics amid war
InfoSecurity-magazine | 6 months ago | SysJoker Malware: Hamas-Related Threat Expands With Rust Variant
CERT-EU | 6 months ago | Shadowy hacking group targeting Israel shows outsized capabilities
Securityaffairs | 6 months ago | Hamas-linked APT uses Rust-based SysJoker backdoor against Israel
MITRE | a year ago | Gaza Cybergang Group1, operation SneakyPastes
DARKReading | 2 months ago | Saudi Arabia, UAE Top List of APT-Targeted Nations in the Middle East
DARKReading | 6 months ago | Ransomware Attacks Strike South Africa, Decline in UAE
DARKReading | 5 months ago | Pro-Hamas Cyberattackers Aim 'Pierogi' Malware at Multiple Mideast Targets
Checkpoint | 6 months ago | 20th November – Threat Intelligence Report - Check Point Research
CERT-EU | 6 months ago | APT29 mounts cyberespionage campaign across Europe
DARKReading | 3 months ago | Iranian APTs Dress Up As Hacktivists for Disruption, Influence Ops
CERT-EU | 6 months ago | Novel espionage tool leveraged by pro-Palestinian hacking operation
Checkpoint | 6 months ago | Israel-Hamas War Spotlight: Shaking the Rust Off SysJoker - Check Point Research
DARKReading | 6 months ago | Hamas-Linked APT Wields New SysJoker Backdoor Against Israel