Cyberattack targets Israeli organizations amid hostage return process

Israeli organizations hit by a cyber attack spreading pro-Hamas propaganda.

Cyberattack (illustrative) (photo credit: INGIMAGE)

ESET, a global cybersecurity company, reported Sunday on an ongoing cyber attack against various Israeli organizations. The attack involves gaining access to organizational systems through Remote Desktop Protocol (RDP) connections.

Once access is achieved, the attackers replace desktop backgrounds with an image bearing the colors of the al-Aqsa Martyrs Brigade—a group associated with Hamas. The background also includes text in English and Hebrew declaring, “Israel has been defeated. Over a year of bombings on Gaza, but the resistance is stronger than ever. The struggle will continue until every piece of Palestinian land is liberated. October 7 was just the beginning.”

In some cases, attackers have also gained control of printers, printing copies of the message, and have even corrupted organizational files.

Preliminary investigations suggest the attack resembles methods used by the Handala hacking group, which has previously targeted Israeli websites and stolen sensitive data. As part of their strategy, the group verifies the geographical location of the targeted computer by attempting to access the Israeli Home Front Command website, which is accessible only within Israel. Once confirmed, they proceed with their attack.

An illustrative image depicting a cyberattack. (credit: INGIMAGE)

Recommendations for Israelis

ESET advises all organizations to strengthen their cybersecurity measures immediately. Recommendations include:

1. Strengthen password policies: Use passwords with at least 12 characters, including uppercase letters, lowercase letters, and special characters.

2. Restrict RDP access: Disable RDP connections or enable them only with multi-factor authentication.

3. Update operating systems: Ensure all computers and servers are running the latest operating system updates. Unsupported systems should be replaced as they no longer receive security patches.

4. Use up-to-date security solutions: Ensure that all cybersecurity software is current.

Adan Avramov, Chief Technology Officer at ESET, emphasized the severity of the situation: “We are in a sensitive period, with ongoing discussions surrounding the hostage deal and the war. The desktop backgrounds and printed messages bear today’s date, January 19, and deliver a provocative message claiming, ‘Gaza and the resistance have won. Israel has been defeated.’ This type of attack highlights the importance of cyber awareness and proactive preparation to mitigate such threats. Organizations must act decisively to reduce exposure and respond effectively to security incidents.”