Sysjoker

Malware updated 3 days ago (2024-11-20T18:07:56.851Z)

Download STIX

Preview STIX

SysJoker is a sophisticated malware, short for malicious software, that has been leveraged by a Hamas-linked Advanced Persistent Threat (APT) against Israel. Unlike other malware, SysJoker is written in Rust, a programming language known for its performance and safety, which makes it more challenging to detect and neutralize. This harmful program infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom. This particular cyber threat has persisted throughout the war in Gaza, despite the cessation of other Hamas-associated threats. The sustained activity of this cluster indicates a high level of persistence and determination on the part of the attackers. SysJoker's ability to remain active and potent during such a volatile period underscores the seriousness of this security issue. In a recent development, the Hamas-linked group has revived the use of SysJoker malware, now leveraging Microsoft's OneDrive cloud storage service. This new approach allows the malware to bypass traditional security measures by exploiting trusted channels, making it even more dangerous. The continuing evolution and resilience of SysJoker underscore the need for robust cybersecurity measures to protect against such persistent threats.

Description last updated: 2024-11-15T15:54:43.735Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Backdoor

Malware

Apt

Windows

Encryption

Rust

Hamas

Operation El...

Macos

Linux

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The Gaza Cybergang Threat Actor is associated with Sysjoker. Gaza Cybergang, a threat actor group affiliated with Hamas, has been active since at least 2012, targeting entities in the Middle East and North Africa. The group's activities primarily involve intelligence collection and espionage campaigns against Palestinian and Israeli victims. Researchers have	has used	4
The Operation Electric Powder Threat Actor is associated with Sysjoker. Operation Electric Powder is a threat actor operation that was actively involved in targeted attacks against Israeli organizations between 2016-2017. This operation, as previously reported by ClearSky, has been linked to the threat actor known as Gaza Cybergang, also referred to as Molerats. The cyb	Unspecified	3
The Molerats Threat Actor is associated with Sysjoker. Molerats, also known as the Gaza Cybergang Group1, is a threat actor group historically associated with Hamas. The group has been tracked for over a decade under various names including Frankenstein and WIRTE, among others. Molerats, along with five other groups including APT 35 and Moses Staff, are	Unspecified	2

Source Document References

Information about the Sysjoker Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Checkpoint	8 days ago	Hamas-affiliated Threat Actor WIRTE Continues its Middle East Operations and Moves to Disruptive Activity - Check Point Research
Securityaffairs	3 months ago	SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
Securityaffairs	4 months ago	security-affairs-malware-newsletter-round-5
CERT-EU	8 months ago	Hackers Claim Accessing 740GB of Data from Viber Messaging App
Securityaffairs	4 months ago	Security Affairs Malware Newsletter - Round 3
Securityaffairs	4 months ago	Security Affairs Malware Newsletter - Round 3
Securityaffairs	4 months ago	Security Affairs Malware Newsletter - Round 2
Securityaffairs	5 months ago	Security Affairs Malware Newsletter - Round 1
Securityaffairs	5 months ago	Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	5 months ago	Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	5 months ago	Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	6 months ago	Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	7 months ago	Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	7 months ago	Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	7 months ago	Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	8 months ago	Security Affairs newsletter Round 466 by Pierluigi Paganini
Securityaffairs	8 months ago	Security Affairs newsletter Round 465 by Pierluigi Paganini
Securityaffairs	8 months ago	Security Affairs newsletter Round 464 by Pierluigi Paganini
Securityaffairs	8 months ago	Security Affairs newsletter Round 463 by Pierluigi Paganini
CERT-EU	8 months ago	Hackers Claim Accessing 740GB of Data from Viber Messaging App \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting