Hamas-Linked Cyberattacks Using Rust-Powered SysJoker Backdoor Against Israel
Nov 24, 2023
Cyber Attack / Malware
Cybersecurity researchers have shed light on a Rust version of a cross-platform backdoor called SysJoker , which is assessed to have been used by a Hamas-affiliated threat actor to target Israel amid the ongoing war in the region. "Among the most prominent changes is the shift to Rust language, which indicates the malware code was entirely rewritten, while still maintaining similar functionalities," Check Point said in a Wednesday analysis. "In addition, the threat actor moved to using OneDrive instead of Google Drive to store dynamic C2 (command-and-control server) URLs." SysJoker was publicly documented by Intezer in January 2022, describing it as a C++ backdoor capable of gathering system information and establishing contact with an attacker-controlled server by accessing a text file hosted on Google Drive that contains a hard-coded URL. "Being cross-platform allows the malware authors to gain advantage of wide infection on all major platforms," VMw...
