Nation-sponsored hacker team APT28 uses Israel-Hamas war-related context to inject spyware

published: Dec. 13, 2023

Take action: Be very cautious when receiving emails with any trigger content related to the Israel-Hamas conflict that reference what appear to be relevant international documents. The reference to international documents is just a lure to get you to open the malware.



The cyberespionage group APT28, also tracked as ITG05 and known by various other names like BlueDelta, Fancy Bear, and Sofacy, has been engaging in a sophisticated cyber campaign using the Israel-Hamas conflict as a lure.

This campaign, observed by IBM X-Force security researchers, targets at least 13 countries: Hungary, Türkiye, Australia, Poland, Belgium, Ukraine, Germany, Azerbaijan, Saudi Arabia, Kazakhstan, Italy, Latvia, and Romania.

The campaign utilizes authentic documents from academic, finance, and diplomatic sources with a "direct influence on the allocation of humanitarian aid." The malware is packaged with documents associated with the United Nations, the Bank of Israel, the U.S. Congressional Research Service, the European Parliament, a Ukrainian think tank, and an Azerbaijan-Belarus Intergovernmental Commission.

The malware is designed to target organizations from a single specific country, which confirms the campaign's strategic interest rather than financial crime benefits.
