Malware Attacks by Syrian Pro-Government Hackers Are on the Rise
But there are lesser-known groups using malware and attacking activists and people sympathetic to Syrian rebels, and according to a report released earlier this week, their activities are on the rise.
I’m a bit late to this, owing to the holiday, but the findings come from security researchers at the University of Toronto’s Citizen Lab and the Electronic Freedom Foundation. Hackers who support the Syrian regime have been documented trying to use malware attacks against journalists, workers at non-governmental organizations and others, using social-engineering techniques and remote-access tools. One in particular is a rare Trojan that attacks Apple’s Mac OS X.
In one case, the attackers were able to seize control of a Facebook page belonging to a pro-opposition group, and to use that power to delete comments warning others not to follow a link that led to a malware download.
In another case, links to Dropbox files accompanying YouTube videos contained malware linked to servers that are known to have been controlled by pro-Assad hackers in the past.
The Mac Trojan, which caught some media attention when it was first detected, turned out to be a so-called “false flag” operation. It first appeared to have been created by the Syrian Electronic Army, though it’s unclear why. That group later disavowed responsibility.
The report goes into a lot of technical detail about how the different attacks work. It’s essentially a warning to Syrians or anyone who may be involved with the conflict to be careful and to pay attention to the latest attack techniques. “The malware campaigns appear to be becoming more and more sophisticated, incorporating greater levels of social engineering,” it says. “Additionally, the presence of possible false flag operations muddies the waters, making it more difficult to identify actors.”
The full report, which I’ve embedded below, is worth reading: