Facebook disrupts cyber-espionage campaign run by Palestinian hackers

Facebook says it disrupted activities of two separate Palestine-linked hacker groups that abused its platform to conduct cyber-espionage and distribute malware.

One of the hacker groups is believed to have ties to the Preventive Security Service (PSS), the Palestinian Authority’s internal intelligence organization. It primarily targeted victims in the Palestinian territories and Syria and, to a lesser degree, in Turkey, Iraq, Lebanon and Libya, Facebook said.

The group used a variety of malicious tools to spy on users, including custom-built Android malware, the SpyNote Android RAT, and Windows malware (NJRat and HWorm). The hackers also used social engineering techniques to trick targets into clicking on malicious links and installing malware on their devices.

“This group used fake and compromised accounts to create fictitious personas posing primarily as young women, and also as supporters of Hamas, Fatah, various military groups, journalists and activists to build trust with people they targeted and trick them into installing malicious software. Some of their Pages were designed to lure particular followers for later social engineering and malware targeting,” Facebook said.

The other hacker group, Arid Viper, targeted primarily domestic audiences in Palestine, including government officials, members of the Fatah political party, student groups and security forces.

It used sprawling infrastructure to support its operations, including over a hundred websites that either hosted iOS and Android malware, attempted to steal credentials through phishing, or acted as command and control servers, according to Facebook.

In addition to Windows and Android malware, the group used a custom-built iOS espionage tool, dubbed Phenakite, which was capable of stealing sensitive user data from iPhones without jailbreaking the devices prior to the compromise. The malware was delivered via a trojanized chat application that used the open-source RealtimeChat code for legitimate app functionality. Phenakite could also direct people to phishing pages for Facebook and iCloud to steal their credentials for those services.
