Sysjoker

Malware updated 2 months ago (2024-08-14T09:47:45.297Z)

Download STIX

Preview STIX

SysJoker is a malicious software (malware) that has been used in cyber attacks targeting Israeli systems. This malware, developed in the Rust programming language, is capable of exploiting and damaging computer systems without the user's knowledge. It can infiltrate these systems via suspicious downloads, emails, or websites, and once inside, it has the potential to steal personal information, disrupt operations, or even hold data hostage for ransom. The Advanced Persistent Threat (APT) group linked with Hamas, the Palestinian militant organization, has been identified as the entity deploying this backdoor malware against Israel. The use of SysJoker by this APT demonstrates a sophisticated level of cyber warfare, indicating their capability to develop and deploy advanced malware to further their objectives. The Rust-based nature of SysJoker makes it particularly potent, as this programming language is known for its performance and safety, especially in terms of memory management. In a recent development, the Hamas-linked APT group has revived the use of SysJoker, leveraging Microsoft's OneDrive cloud storage service to distribute the malware. This method of distribution suggests a higher level of ingenuity and adaptability on the part of the attackers, using commonly trusted platforms to bypass security measures. Consequently, this poses a significant threat to cybersecurity, requiring continuous vigilance and robust security protocols to counter such evolving threats.

Description last updated: 2024-08-14T08:50:16.071Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Backdoor

Malware

Apt

Windows

Encryption

Rust

Operation El...

Hamas

Macos

Linux

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The Gaza Cybergang Threat Actor is associated with Sysjoker. The Gaza Cybergang is a threat actor that has been active since at least 2012, primarily targeting the Middle East and North Africa. The group is known for its intelligence collection and espionage campaigns against Palestinian and Israeli victims. It consists of three main subgroups: Group 1 (Moler	has used	4
The Operation Electric Powder Threat Actor is associated with Sysjoker. Operation Electric Powder is a threat actor operation that was actively involved in targeted attacks against Israeli organizations between 2016-2017. This operation, as previously reported by ClearSky, has been linked to the threat actor known as Gaza Cybergang, also referred to as Molerats. The cyb	Unspecified	3
The Molerats Threat Actor is associated with Sysjoker. Molerats, also known as Gaza Cybergang Group1, is a threat actor linked to Hamas that has been active for over a decade. This low-budget group has been tracked by researchers under various names including Molerats, Gaza Cybergang, Frankenstein, WIRTE, and Proofpoint’s TA402 designation. Among 16 Adv	Unspecified	2

Source Document References

Information about the Sysjoker Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Securityaffairs	2 months ago	SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
Securityaffairs	3 months ago	security-affairs-malware-newsletter-round-5
CERT-EU	7 months ago	Hackers Claim Accessing 740GB of Data from Viber Messaging App
Securityaffairs	3 months ago	Security Affairs Malware Newsletter - Round 3
Securityaffairs	3 months ago	Security Affairs Malware Newsletter - Round 3
Securityaffairs	3 months ago	Security Affairs Malware Newsletter - Round 2
Securityaffairs	4 months ago	Security Affairs Malware Newsletter - Round 1
Securityaffairs	4 months ago	Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	4 months ago	Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	4 months ago	Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	5 months ago	Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	6 months ago	Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	6 months ago	Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	6 months ago	Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	7 months ago	Security Affairs newsletter Round 466 by Pierluigi Paganini
Securityaffairs	7 months ago	Security Affairs newsletter Round 465 by Pierluigi Paganini
Securityaffairs	7 months ago	Security Affairs newsletter Round 464 by Pierluigi Paganini
Securityaffairs	7 months ago	Security Affairs newsletter Round 463 by Pierluigi Paganini
CERT-EU	7 months ago	Hackers Claim Accessing 740GB of Data from Viber Messaging App \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting
Securityaffairs	8 months ago	Security Affairs newsletter Round 462 by Pierluigi Paganini