Molerats

Threat Actor updated 4 months ago (2024-05-04T21:00:47.144Z)
Molerats, also known as Gaza Cybergang Group1, is a threat actor linked to Hamas that has been active for over a decade. Researchers have tracked this low-budget group under various names, including Molerats, Gaza Cybergang, Frankenstein, WIRTE, and Proofpoint’s TA402 designation. Among 16 Advanced Persistent Threat (APT) actors identified, Molerats was one of three groups connected to Hamas, with the others linked to Iran and China. The group's activities have predominantly targeted organizations in Saudi Arabia, the United Arab Emirates, and Israel.

The Molerats group has been associated with several significant cyber-attacks, including the Electric Powder attacks and Operation Electric Powder, both of which targeted Israeli organizations. It is speculated that Molerats was behind these attacks because of its seasoned and effective hacking operations. Despite an absence of activity from other Hamas-connected cyber threat actors such as Extreme Jackal and Renegade Jackal following the Oct. 7 terrorist attack in Israel, Molerats continued its operations unabated.

Recently, Molerats has been implicated in attacks against Israeli targets using a Rust-based version of SysJoker, a multi-platform backdoor first discovered by Intezer in 2021. Researchers from Check Point revealed this in a blog post, highlighting that the group remains a persistent and evolving threat. The group has also reportedly used an improved downloader as part of its initial access operations, demonstrating its ability to adapt and enhance its malicious capabilities.
Description last updated: 2024-03-28T08:16:04.130Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
|---|---|---|
| Gaza Cybergang | 5 | The Gaza Cybergang is a threat actor that has been active since at least 2012, primarily targeting the Middle East and North Africa. The group is known for its intelligence collection and espionage campaigns against Palestinian and Israeli victims. It consists of three main subgroups: Group 1 (Moler |
| TA402 | 2 | TA402, also known as Molerats, Gaza Cybergang, Frankenstein, and WIRTE, is a persistent and innovative threat actor that has been tracked by researchers for over a decade. The group is renowned for its cyber espionage activities, which include highly targeted phishing campaigns and the deployment of |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Phishing
Backdoor
Malware
APT
Associated Malware
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Sysjoker | Unspecified | 2 | SysJoker is a malicious software (malware) that has been used in cyber attacks targeting Israeli systems. This malware, developed in the Rust programming language, is capable of exploiting and damaging computer systems without the user's knowledge. It can infiltrate these systems via suspicious down |
Source Document References
Information about the Molerats Threat Actor was read from the documents corpus below. This display is limited to 20 results.
| Source | Created | Title |
|---|---|---|
| DARKReading | 5 months ago | Saudi Arabia, UAE Top List of APT-Targeted Nations in the Middle East |
| DARKReading | 7 months ago | Iranian APTs Dress Up As Hacktivists for Disruption, Influence Ops |
| DARKReading | 9 months ago | Pro-Hamas Cyberattackers Aim 'Pierogi' Malware at Multiple Mideast Targets |
| DARKReading | 9 months ago | Ransomware Attacks Strike South Africa, Decline in UAE |
| DARKReading | 9 months ago | Hamas-Linked APT Wields New SysJoker Backdoor Against Israel |
| InfoSecurity-magazine | 9 months ago | SysJoker Malware: Hamas-Related Threat Expands With Rust Variant |
| CERT-EU | 9 months ago | Shadowy hacking group targeting Israel shows outsized capabilities |
| Securityaffairs | 9 months ago | Hamas-linked APT uses Rust-based SysJoker backdoor against Israel |
| Checkpoint | 9 months ago | Israel-Hamas War Spotlight: Shaking the Rust Off SysJoker - Check Point Research |
| Checkpoint | 10 months ago | 20th November – Threat Intelligence Report - Check Point Research |
| CERT-EU | 10 months ago | Novel espionage tool leveraged by pro-Palestinian hacking operation |
| CERT-EU | 10 months ago | APT29 mounts cyberespionage campaign across Europe |
| DARKReading | 10 months ago | Molerats Group Wields Custom Cybertool to Steal Secrets in the Middle East |
| CERT-EU | 10 months ago | Pro-Palestinian hacking group evolves tactics amid war |
| MITRE | 2 years ago | Gaza Cybergang Group1, operation SneakyPastes |
| MITRE | 2 years ago | Hacking group’s new malware abuses Google and Facebook services |