Operation DustySky – Part 2 is a follow-up on our DustySky operation report from January 2016. It analyses new attacks by Molerats against targets in Israel, The United States, Egypt, Saudi Arabia, United Arab Emirates and The Palestinian Authority.

We elaborate on the scope and targeting of the DustySky campaign and expose new infrastructure and incidents. In addition, we expose the identity of an individual who is behind the DustySky campaign. Following the previous report, this individual has contacted us trying to learn what we know about him.

Attacks against all targets in the Middle East stopped at once after we published the first report. However, the attacks against targets in the Middle East (except Israel) were renewed in less than 20 days. In the beginning of April 2016, we found evidence that the attacks against Israel have been renewed as well.

Based on the type of targets, on Gaza being the source of the attacks, and on the type of information the attackers are after – we estimate with medium-high certainty that the Hamas terrorist organization is behind these attacks.

Read the full report: Operation DustySky

Indicators file: DusySky2-indicators (also available on PassiveTotal)

If you have been targeted with DustySky, or have questions about the report, please contact us at:

info[at]clearskysec.com

Acknowledgments

This research was facilitated by the PassiveTotal for threat infrastructure analysis.

We would like to thank the security researchers and organizations who shared information and provided feedback, which have been crucial for this research.