Check Point Software Technologies, an Israeli IT security firm, reported a couple of days ago that it had unveiled a cyber espionage campaign that hit more than 10 countries, including Lebanon, Israel, USA, Canada, UK, Japan, Peru, and Turkey, and that it traced back to Lebanese hackers with possible ties to some active political group (hinting at Hezbollah).
The operation was called “Volatile Cedar”, and experts claimed it has been ongoing since 2012, with carefully chosen targets ranging from defense contractors to telecom and media companies. The attackers infiltrated these organizations mainly by compromising their web servers and planting malware on them, then waiting for server administrators to plug in USB devices, which led to other servers and workstations being infected. Check Point, however, did not provide additional information about either the affected organizations or the nature of the data that was stolen.
I personally found the news quite surprising because such big espionage operations are usually sponsored by governments, and we all know we don’t have a cyber bureau in charge of similar things here. So one cannot but admire Hezbollah for their capabilities if it was really them behind it, and at the same time feel worried about some big firms being infiltrated like banks and our two mobile operators!
If you’re interested in learning more about the Volatile Cedar operation, you can download this document by Check Point, which has a lot of interesting technical information about the malware used.