Handala Group : Overview and Campaigns

Threat Actors: Handala Hacking Team, a pro-Palestinian hacktivist group that targets Israeli organizations. Active since December 2023.
Campaign Overview: Used the July 19, 2024 CrowdStrike update that left Windows hosts in a BSOD loop as a social-engineering pretext to deliver destructive wiper payloads to organizations scrambling to recover.
Target Regions (Victims): Israeli organizations and businesses, and entities supporting or operating within Israel.
Methodology: Phishing emails that leverage crisis events as a lure, malicious PDF attachments, NSIS installers as droppers, and obfuscated batch scripts.
Product Targeted: Windows environments, hit with wiper malware and other destructive payloads.
Malware Reference: Handala wiper malware. The payload includes AutoIT components and obfuscated scripts intended to evade detection.
Tools Used: NSIS installer, AutoIT, Telegram bot (for C2), obfuscated batch scripts, Bring Your Own Vulnerable Driver (BYOVD).
Vulnerabilities Exploited: None. The campaign was opportunistic, exploiting the downtime and confusion around the BSOD outage rather than any software vulnerability; the only weakness abused was the victim's willingness to run an offered "fix".
TTPs: Phishing: Spearphishing Attachment (T1566.001), Command and Scripting Interpreter (T1059; batch scripts fall under Windows Command Shell, T1059.003), Obfuscated Files or Information (T1027, applied to the batch scripts), Virtualization/Sandbox Evasion: Time Based Evasion (T1497.003), Disk Wipe: Disk Structure Wipe (T1561.002).
Attribution: Handala Hacking Team (self-claimed). Moderate confidence that at least one member is a Hebrew speaker, based on linguistic analysis.
Recommendations: Detection content for Splunk built on process-creation telemetry, proactive validation of that content with Atomic Red Team, and review of processes launched from unusual file paths (user-writable and temporary directories) as a detection signal.
Source: Splunk Threat Research Team
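The detection recommendations above (suspicious process file paths, obfuscated batch scripts, NSIS and AutoIT droppers, time-based delays) as an added worked example over constructed process-creation events. This is editor-written code, not code from Splunk or from the original page: the event layout, the regexes, the scoring thresholds and the file and directory names (including the lure name CrowdStrike_Hotfix.exe) are assumptions, and the sample events are constructed, not captured telemetry.

```python
"""Heuristic process-creation detections for the TTPs summarized above.
Added example: event layout, names, regexes and thresholds are the editor's
assumptions, not Splunk's detection content."""
import re
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class ProcEvent:
    """Minimal process-creation record (Sysmon EID 1 / Windows 4688 style)."""
    parent_image: str
    image: str
    command_line: str


# Directories an unprivileged user can write to; droppers usually run from here.
USER_WRITABLE = re.compile(
    r"\\(?:Users\\[^\\]+\\(?:AppData|Downloads)|Users\\Public|ProgramData|Windows\\Temp)\\",
    re.IGNORECASE,
)
# NSIS installers unpack plugins and payloads into %TEMP%\ns<random>.tmp\.
NSIS_TEMP_DIR = re.compile(r"\\ns[a-z0-9]+\.tmp\\", re.IGNORECASE)
# Batch obfuscation tells: caret escapes inside a word (c^m^d), %var:~n,m%
# substring expansion used to rebuild command names, chains of set assignments.
CARET_IN_WORD = re.compile(r"\w\^\w")
SUBSTR_EXPANSION = re.compile(r"%[A-Za-z_]\w*:~-?\d+(?:,-?\d+)?%")
SET_ASSIGN = re.compile(r"\bset\s+[A-Za-z_]\w*=", re.IGNORECASE)
# Parents that indicate a document or mail lure spawned the process (PDF attachment chain).
LURE_PARENTS = {"acrord32.exe", "acrobat.exe", "outlook.exe"}
OBFUSCATION_THRESHOLD = 4  # assumption; tune against a baseline of your own admin scripts


def batch_obfuscation_score(cmd: str) -> int:
    """1 point per in-word caret, 2 per substring expansion, 1 per set beyond two."""
    return (len(CARET_IN_WORD.findall(cmd))
            + 2 * len(SUBSTR_EXPANSION.findall(cmd))
            + max(0, len(SET_ASSIGN.findall(cmd)) - 2))


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def evaluate(ev: ProcEvent) -> List[str]:
    """Return the names of every rule the event triggers (empty list if nothing fires)."""
    hits: List[str] = []
    if _basename(ev.image) == "cmd.exe" and batch_obfuscation_score(ev.command_line) >= OBFUSCATION_THRESHOLD:
        hits.append("obfuscated_batch")
    if _basename(ev.image) in {"autoit3.exe", "autoit3_x64.exe"} or re.search(r"\.a3x\b", ev.command_line, re.I):
        hits.append("autoit_interpreter")
    if NSIS_TEMP_DIR.search(ev.image):
        hits.append("nsis_temp_unpack")
    # A binary in a user-writable path is only flagged when its parent is also
    # user-writable (dropper chain) or is a document/mail reader (lure chain).
    if USER_WRITABLE.search(ev.image) and (
            USER_WRITABLE.search(ev.parent_image) or _basename(ev.parent_image) in LURE_PARENTS):
        hits.append("user_writable_exec")
    return hits


def scan(events: List[ProcEvent]) -> Dict[int, List[str]]:
    """Map event index -> triggered rules, omitting events with no hits."""
    findings: Dict[int, List[str]] = {}
    for i, ev in enumerate(events):
        hits = evaluate(ev)
        if hits:
            findings[i] = hits
    return findings


# Constructed sample events (not real telemetry; names are illustrative).
SAMPLE_EVENTS = [
    # 0: PDF reader launches an executable saved to Downloads (constructed lure name)
    ProcEvent(r"C:\Program Files\Adobe\Acrobat Reader\AcroRd32.exe",
              r"C:\Users\alice\Downloads\CrowdStrike_Hotfix.exe",
              r"CrowdStrike_Hotfix.exe"),
    # 1: the dropper runs a second stage out of an NSIS unpack directory
    ProcEvent(r"C:\Users\alice\Downloads\CrowdStrike_Hotfix.exe",
              r"C:\Users\alice\AppData\Local\Temp\nsx7F3.tmp\stage2.exe",
              r"stage2.exe /S"),
    # 2: obfuscated batch that rebuilds "timeout", sleeps, then calls the next stage
    ProcEvent(r"C:\Users\alice\AppData\Local\Temp\nsx7F3.tmp\stage2.exe",
              r"C:\Windows\System32\cmd.exe",
              r'cmd.exe /c "set t=tim&set u=eout&set x=%t%%u%&%x:~0,7% /t 600 & c^a^l^l run.bat"'),
    # 3: benign admin batch from an interactive desktop session
    ProcEvent(r"C:\Windows\explorer.exe",
              r"C:\Windows\System32\cmd.exe",
              r'cmd.exe /c "set PATH=%PATH%;C:\tools&build.bat"'),
    # 4: AutoIt interpreter run from a user-writable path with an .a3x script
    ProcEvent(r"C:\Users\alice\AppData\Local\Temp\nsx7F3.tmp\stage2.exe",
              r"C:\Users\alice\AppData\Roaming\svc\AutoIt3.exe",
              r"AutoIt3.exe run.a3x"),
]

if __name__ == "__main__":
    for idx, rules in scan(SAMPLE_EVENTS).items():
        print(idx, SAMPLE_EVENTS[idx].image, rules)
```

Each rule maps directly onto a field that Sysmon event ID 1 or Windows 4688 already provides (parent image, image, command line), so the same logic translates to an SPL search over process-creation data. The obfuscation score is the piece most likely to need tuning: build scripts and logon scripts that legitimately use `set` chains or substring expansion will raise it, so baseline the threshold before alerting on it.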

Read full article: Handala’s Wiper: Threat Analysis and Detections | Splunk
Disclaimer: The above summary has been generated by an AI language model.