The WIRTE hacking group, linked to Hamas, has recently expanded its cyber activities from espionage to disruptive attacks primarily targeting Israeli organizations. Researchers from Check Point revealed that WIRTE, part of the Gaza Cyber Gang, has also extended its campaigns to entities in neighboring regions, including the Palestinian Authority, Jordan, Iraq, Saudi Arabia, and Egypt. The cyber group has leveraged ongoing geopolitical tensions to craft lures, exploiting recent events in the Middle East for a range of malicious purposes.
Originally focused on espionage, WIRTE’s tactics now include deploying the SameCoin wiper malware in phishing campaigns against Israeli institutions like hospitals and municipal organizations. One observed campaign in October 2024 used emails from a legitimate Israeli cybersecurity partner to lure victims, subsequently deploying an advanced variant of SameCoin wiper. This recent variant of the wiper includes unique encryption functions and overwrites files, ultimately displaying an image attributed to Hamas’s military wing, the Al-Qassam Brigades, on victims’ systems.
WIRTE has also been observed using the Havoc post-exploitation framework and the IronWind downloader in its malware chains. These attacks often deliver the malware inside legitimate-looking files, such as RAR archives, and rely on DLL sideloading and decoy PDFs to avoid detection. Despite escalating violence and political upheaval in the region, WIRTE has maintained its operations, which involve a versatile arsenal of malware designed to target both Windows and Android systems.
The group’s recent activities emphasize its adaptive toolkit, which includes a mix of wipers, backdoors, and phishing tactics intended for espionage and sabotage. Researchers suggest that WIRTE’s operations may have the dual purpose of spreading regional chaos and enhancing Hamas’s cyber capabilities. Check Point’s analysis highlights the group’s resilience, as WIRTE has continued these sophisticated campaigns despite ongoing conflict, demonstrating its ability to persist in targeted attacks on Israeli and other Middle Eastern entities.