Operation Electric Powder

Threat Actor updated 5 months ago (2024-05-04T21:01:12.252Z)

Download STIX

Preview STIX

Operation Electric Powder is a threat actor operation that was actively involved in targeted attacks against Israeli organizations between 2016-2017. This operation, as previously reported by ClearSky, has been linked to the threat actor known as Gaza Cybergang, also referred to as Molerats. The cybersecurity industry identified Operation Electric Powder through its unique characteristics, which were shared among multiple variants of SysJoker, a sophisticated malware used in cyber-attacks. A deep analysis of newly discovered variants of SysJoker revealed ties to undisclosed samples from Operation Electric Powder. This connection suggests that these operations may share common origins or operators. It's noteworthy that these specific traits of SysJoker are only shared with one other campaign, further highlighting the significant association with Operation Electric Powder. In addition to these connections, Check Point and ClearSky have observed behavioral similarities between SysJoker variants and Operation Electric Powder. These similarities suggest a possible overlap in tactics, techniques, and procedures (TTPs) used by the threat actors behind these campaigns. The continued investigation into these connections will be crucial in developing defenses against future threats posed by these and related threat actors.

Description last updated: 2024-05-04T18:31:51.222Z

What's your take? (Question 1 of 2)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Gaza Cybergang is a possible alias for Operation Electric Powder. The Gaza Cybergang is a threat actor that has been active since at least 2012, primarily targeting the Middle East and North Africa. The group is known for its intelligence collection and espionage campaigns against Palestinian and Israeli victims. It consists of three main subgroups: Group 1 (Moler	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Operation El...

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Sysjoker Malware is associated with Operation Electric Powder. SysJoker is a malicious software (malware) that has been used in cyber attacks targeting Israeli systems. This malware, developed in the Rust programming language, is capable of exploiting and damaging computer systems without the user's knowledge. It can infiltrate these systems via suspicious down	Unspecified	3

Source Document References

Information about the Operation Electric Powder Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
DARKReading	a year ago	Hamas-Linked APT Wields New SysJoker Backdoor Against Israel
InfoSecurity-magazine	a year ago	SysJoker Malware: Hamas-Related Threat Expands With Rust Variant
DARKReading	a year ago	Hamas-Linked APT Wields New SysJoker Backdoor Against Israel
Checkpoint	a year ago	Israel-Hamas War Spotlight: Shaking the Rust Off SysJoker - Check Point Research
Securityaffairs	a year ago	Hamas-linked APT uses Rust-based SysJoker backdoor against Israel