Sysjoker

Malware updated 15 days ago (2024-11-29T14:43:31.490Z)
Download STIX
Preview STIX
SysJoker is a sophisticated malware, short for malicious software, that has been leveraged by a Hamas-linked Advanced Persistent Threat (APT) against Israel. Unlike other malware, SysJoker is written in Rust, a programming language known for its performance and safety, which makes it more challenging to detect and neutralize. This harmful program infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom. This particular cyber threat has persisted throughout the war in Gaza, despite the cessation of other Hamas-associated threats. The sustained activity of this cluster indicates a high level of persistence and determination on the part of the attackers. SysJoker's ability to remain active and potent during such a volatile period underscores the seriousness of this security issue. In a recent development, the Hamas-linked group has revived the use of SysJoker malware, now leveraging Microsoft's OneDrive cloud storage service. This new approach allows the malware to bypass traditional security measures by exploiting trusted channels, making it even more dangerous. The continuing evolution and resilience of SysJoker underscore the need for robust cybersecurity measures to protect against such persistent threats.
Description last updated: 2024-11-15T15:54:43.735Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Backdoor
Malware
Apt
Windows
Encryption
Rust
Hamas
Operation El...
Macos
Linux
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The Gaza Cybergang Threat Actor is associated with Sysjoker. Gaza Cybergang, a threat actor group affiliated with Hamas, has been active since at least 2012, targeting entities in the Middle East and North Africa. The group's activities primarily involve intelligence collection and espionage campaigns against Palestinian and Israeli victims. Researchers have has used
4
The Operation Electric Powder Threat Actor is associated with Sysjoker. Operation Electric Powder is a threat actor operation that was actively involved in targeted attacks against Israeli organizations between 2016-2017. This operation, as previously reported by ClearSky, has been linked to the threat actor known as Gaza Cybergang, also referred to as Molerats. The cybUnspecified
3
The Molerats Threat Actor is associated with Sysjoker. Molerats, also known as the Gaza Cybergang Group1, is a threat actor group historically associated with Hamas. The group has been tracked for over a decade under various names including Frankenstein and WIRTE, among others. Molerats, along with five other groups including APT 35 and Moses Staff, areUnspecified
2
Source Document References
Information about the Sysjoker Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Checkpoint
a month ago
Securityaffairs
4 months ago
Securityaffairs
4 months ago
CERT-EU
9 months ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
Securityaffairs
6 months ago
Securityaffairs
6 months ago
Securityaffairs
7 months ago
Securityaffairs
7 months ago
Securityaffairs
8 months ago
Securityaffairs
8 months ago
Securityaffairs
8 months ago
Securityaffairs
8 months ago
Securityaffairs
9 months ago
Securityaffairs
9 months ago
CERT-EU
9 months ago