Hamas-Linked Hacktivists Employing Destructive Malware Against Israeli Targets

A pro-Hamas hacktivist group has been observed employing a newly identified Linux-based wiper malware called BiBi-Linux Wiper.

This malware is an x64 ELF executable and lacks obfuscation or protective measures. It permits attackers to specify target folders and can potentially cause extensive damage to an entire operating system if executed with root permissions.

Features of the Wiper

  1. Multi-Threading Capabilities

The malware has multithreading capability, allowing it to corrupt files concurrently for increased speed and effectiveness. It overwrites files, renames them with the hard-coded string “BiBi,” and excludes certain file types from corruption.

The use of “BiBi” in the filenames is not random; it carries political significance in the context of the Middle East, as it is a common nickname for the Israeli Prime Minister, Benjamin Netanyahu. 

This suggests a political motivation behind the malware.

The malware is coded in C/C++ and has a file size of 1.2 MB. Threat actors can specify target folders via command-line parameters; if no path is provided, it defaults to the root directory (“/”), which requires root permissions.

  2. Use of the nohup Command

Another distinctive aspect is the use of the nohup command for running the malware in the background. 

What is nohup?

nohup stands for “no hang-up.” It starts a command so that it ignores the hang-up signal (SIGHUP), which lets the process keep running in the background even after the user logs out. This prevents the process from being terminated, so its task is not interrupted if the session is disconnected.

File types with extensions like .out or .so are excluded from being overwritten, as they are essential to the Unix/Linux operating system’s operation.
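A defender-side triage sweep built on the two file-level traits described above (the “BiBi” string in renamed files and the skipped .out/.so extensions), as an added example that is not from the original article or from the malware itself. The function names, the thresholds and the sample file names are assumptions; the article does not give the exact rename pattern, so only the substring is matched.

```python
import os
import tempfile
from collections import defaultdict

MARKER = "BiBi"                 # hard-coded string the article says is put in file names
SPARED_EXTS = (".out", ".so")   # extensions the article says are not overwritten

def triage(root, min_ratio=0.5, min_files=3):
    """Return {directory: (marked, candidates)} for directories where at least
    min_ratio of the files a wiper would touch carry MARKER in their name.
    min_ratio and min_files are assumed tuning values, not from the article."""
    stats = defaultdict(lambda: [0, 0])          # directory -> [marked, candidates]
    for dirpath, _dirs, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            # Spared extensions are no evidence either way; symlinks are skipped too.
            if name.endswith(SPARED_EXTS) or os.path.islink(path):
                continue
            stats[dirpath][1] += 1
            if MARKER in name:
                stats[dirpath][0] += 1
    return {d: (m, t) for d, (m, t) in stats.items()
            if t >= min_files and m / t >= min_ratio}

def build_sample_tree(base):
    """Constructed sample data: 'srv' looks wiped, 'home' has one benign name match."""
    layout = {
        "srv": ["a.BiBi", "b.BiBi", "c.BiBi", "d.txt", "libx.so", "run.out"],
        "home": ["notes.txt", "todo.txt", "BiBi_photo.jpg"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(base, sub))
        for name in names:
            with open(os.path.join(base, sub, name), "w") as fh:
                fh.write("x")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        build_sample_tree(base)
        for directory, (marked, total) in sorted(triage(base).items()):
            print(f"{directory}: {marked}/{total} files carry '{MARKER}'")
```

The per-directory ratio keeps a single coincidental file name from raising an alert, while a directory where most non-spared files carry the marker stands out for restore-from-backup prioritisation.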

These activities highlight the evolving cyber threats in the ongoing Israeli-Hamas conflict, with a specific focus on cyber espionage and disruption.

Sadly, Adding More To War!

The use of destructive malware with clear political connotations underscores the growing significance of cybersecurity in modern conflicts, where malicious actors leverage technology to advance their agendas.

War must end, and so the Genocide!

Author: PureVPN

Date: October 31, 2023
