Operation Electric Powder

Threat Actor Profile Updated 2 months ago
Operation Electric Powder is a threat actor operation that was actively involved in targeted attacks against Israeli organizations between 2016 and 2017. This operation, as previously reported by ClearSky, has been linked to the threat actor known as Gaza Cybergang, also referred to as Molerats. The cybersecurity industry identified Operation Electric Powder through its unique characteristics, which were shared among multiple variants of SysJoker, a sophisticated malware used in cyber-attacks. A deep analysis of newly discovered variants of SysJoker revealed ties to undisclosed samples from Operation Electric Powder. This connection suggests that these operations may share common origins or operators. It's noteworthy that these specific traits of SysJoker are only shared with one other campaign, further highlighting the significant association with Operation Electric Powder.

In addition to these connections, Check Point and ClearSky have observed behavioral similarities between SysJoker variants and Operation Electric Powder. These similarities suggest a possible overlap in tactics, techniques, and procedures (TTPs) used by the threat actors behind these campaigns. The continued investigation into these connections will be crucial in developing defenses against future threats posed by these and related threat actors.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names and profiles you may also want to look at.
ID | Votes | Profile Description
Gaza Cybergang | 2 | The Gaza Cybergang, a threat actor suspected to be affiliated with the Palestinian militant group Hamas, has been involved in various cyber espionage campaigns targeting both Palestinian and Israeli entities since 2012. The group is known for its use of sophisticated malware, including variants of S
Molerats | 1 | Molerats, also known as Gaza Cybergang Group1, is a threat actor linked to Hamas that has been active for over a decade. This low-budget group has been tracked by researchers under various names including Molerats, Gaza Cybergang, Frankenstein, WIRTE, and Proofpoint’s TA402 designation. Among 16 Adv
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Operation El...
Israel
Associated Malware
ID | Type | Votes | Profile Description
Sysjoker | Unspecified | 3 | SysJoker is a sophisticated piece of malware, short for malicious software, which has been designed with the intent to exploit and damage computer systems. It infiltrates systems without the user's knowledge through suspicious downloads, emails, or websites. Once it has gained access, SysJoker can d
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Operation Electric Powder Threat Actor was read from the documents corpus below.
Source | Created At | Title
DARKReading | 8 months ago | Hamas-Linked APT Wields New SysJoker Backdoor Against Israel
InfoSecurity-magazine | 8 months ago | SysJoker Malware: Hamas-Related Threat Expands With Rust Variant
Checkpoint | 8 months ago | Israel-Hamas War Spotlight: Shaking the Rust Off SysJoker - Check Point Research
Securityaffairs | 8 months ago | Hamas-linked APT uses Rust-based SysJoker backdoor against Israel