Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

SysJoker Evolution Unveiling Cyber Threat

November 24, 2023
Reading Time: 6 mins read
in Alerts
SysJoker Evolution Unveiling Cyber Threat

In recent cybersecurity findings, researchers have exposed a Rust variant of the cross-platform backdoor SysJoker, employed by a threat actor linked to Hamas in their cyber warfare against Israel. The evolution of SysJoker is marked by a complete code rewrite in Rust, suggesting enhanced functionalities, and a strategic shift from Google Drive to OneDrive for the storage of dynamic command and control server URLs.

Notably, this adaptation includes random sleep intervals and dynamic C2 address changes, underscoring the malware’s resilience and the threat actor’s agility in evading detection. The use of OneDrive allows attackers to easily alter the C2 address, providing a strategic advantage against reputation-based services.

SysJoker, initially documented by Intezer in January 2022, operates as a cross-platform backdoor capable of gathering system information and establishing contact with an attacker-controlled server. This flexibility allows for widespread infections across major platforms, granting the malware the ability to execute commands remotely and download and execute new malware on victim machines.

The discovery of a Rust variant indicates a significant evolution in the cross-platform threat landscape, with the malware utilizing advanced techniques, such as random sleep intervals, to avoid detection by sandboxes.

Despite SysJoker not being formally attributed to any specific threat actor or group, evidence points to potential connections between the backdoor and malware used in Operation Electric Powder, a targeted campaign against Israeli organizations between 2016 and 2017.

This campaign was previously linked to a Hamas-affiliated threat actor known as Molerats, suggesting a possible continuity in cyber operations over a significant time gap. The similarity in tactics, including the use of API-themed URLs and script commands, raises the intriguing possibility that the same threat actor is responsible for both attacks, showcasing a persistent and adaptable cyber threat.

Reference:
  • ISRAEL-HAMAS WAR SPOTLIGHT: SHAKING THE RUST OFF SYSJOKER
Tags: BackdoorCyber AlertCyber Alerts 2023CybersecurityHamasIsraelMalwareNovember 2023SysJoker
ADVERTISEMENT

Related Posts

Wing FTP Server RCE Flaw Exploited

WinRAR Zero-Day Exploit $80K on Dark Web

July 14, 2025
Wing FTP Server RCE Flaw Exploited

Google Gemini Flaw Hijacks Email Summaries

July 14, 2025
Wing FTP Server RCE Flaw Exploited

Wing FTP Server RCE Flaw Exploited

July 14, 2025
Fake Firms Push Malware on Crypto Users

Fake Sites Push Investment Scams

July 11, 2025
Fake Firms Push Malware on Crypto Users

Severe WordPress Flaw 200K Sites at Risk

July 11, 2025
Fake Firms Push Malware on Crypto Users

Fake Firms Push Malware on Crypto Users

July 11, 2025

Latest Alerts

WinRAR Zero-Day Exploit $80K on Dark Web

Google Gemini Flaw Hijacks Email Summaries

Wing FTP Server RCE Flaw Exploited

Fake Sites Push Investment Scams

Fake Firms Push Malware on Crypto Users

Severe WordPress Flaw 200K Sites at Risk

Subscribe to our newsletter

    Latest Incidents

    Supermarket Cyberattack Prompts Warning

    China Hacker Suspected in DC Law Firm Breach

    nius.de Cyberattack Leaks User Data

    Microsoft’s Outlook Long Outage

    Avantic Lab Affected By Ransomware

    $40M+ Stolen from GMX Crypto Platform

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial