Security researchers in Israel uncovered a widespread cyberespionage campaign carried out by skilled hackers that targeted military suppliers, telecom companies, media outlets, and universities with malicious software meant to steal sensitive data and monitor its victims.
The campaign appears to have been ongoing since 2012 and has been found in networks in roughly a dozen other countries, too. The hackers penetrated sensitive systems with custom-built malicious software that has been named “Explosive” by Check Point, the Israeli security firm that discovered it attacking a Web server on a private network.
While Check Point did not specifically attribute the malware to a particular group or organization, other technical experts say the attack has all the hallmarks of a campaign orchestrated by the Lebanese Shiite militant group Hezbollah, which maintains close ties to Iran and its Revolutionary Guard.
Check Point named the campaign “Volatile Cedar” for its suspected Lebanese origins – the Cedar tree is Lebanon’s national emblem. But researchers also say that it appears an Iranian hacker may have been involved, too. The hacker, a member of a notorious Iranian hacker group that calls itself the ITSEC team, left behind his or her alias in code implanted on a victimized server that was later reviewed by Check Point.
The malware discovered is more advanced than most and signals a high degree of technical ability within the militant group.
This is the first time Hezbollah has been tied to a major cyberattack.