A sophisticated hacking group linked to Hamas has been conducting extensive cyber espionage operations against Middle Eastern governments while launching destructive attacks against Israeli targets, according to new research.
The group, known as "Wirte," has been active for over 6 years and operates as part of the larger Gaza Cybergang network supporting Hamas's political objectives. Recent findings show the hackers have intensified their activities during the ongoing Gaza conflict.
Their typical attack pattern involves sending phishing emails containing PDF files that lead victims to download malicious software. Starting in October 2023, the group began using an advanced tool called IronWind to make their attacks harder to detect and analyze.
When targeting organizations for espionage, Wirte deploys the "Havoc" framework to maintain persistent access and steal data. However, in attacks against Israeli targets in February and October 2024, the group switched to using "SameCoin," destructive software designed to wipe systems.
In a recent campaign, the hackers impersonated an Israeli software reseller to target hospitals and local governments. The attack attempted to verify that targets were located within Israel before deploying propaganda content and malicious tools.
While Wirte conducts surveillance across the region, their main focus appears to be Jordan and the Palestinian Authority, Hamas's political rival. Their approach to targeting Israel has evolved from quiet intelligence gathering to more public attacks intended to shape narratives around the conflict.
"Before the war, it was focused mostly on espionage, and stealthy persistence in networks," notes Sergey Shykevich, a threat intelligence expert at Check Point Research. "Now, it has become more about making breaches public, showing the data, the destruction."
The group timed recent destructive attacks to coincide with the anniversary of Hamas's October 7th attack on Israel, demonstrating their ongoing cyber capabilities despite the war. This shift represents an expanding front in the broader regional conflict, as militant groups increasingly leverage digital weapons alongside conventional ones.