Palestinian Hackers Believed to Have Breached Israeli Defense Ministry


The attack was detected by security firm Seculert, according to a report by Reuters. Aviv Raff, chief technology officer at Seculert, "told Reuters that Palestinians were suspected to be behind the cyber attack, citing similarities to a cyber assault on Israeli computers waged more than a year ago from a server in the Hamas-ruled Gaza Strip."

Although this latest attack seems to have come from a server in the US, Raff told Reuters that there were writing and composition similarities with the earlier attack. Seculert succeeded in sink-holing the operation in order to analyze and defuse the attack.

It would appear to be a classic example of spear-phishing. Seculert discovered, reports Reuters, that "15 computers were in the hackers' grip for at least several days after the January 15 dispatch of the email, which included an attachment about ex-Israeli prime minister Ariel Sharon who had just died." The e-mail appeared to come from Israel's Shin Bet secret security service.

The poisoned attachment allowed the hackers to install Xtreme RAT, a remote access trojan that gives its controllers complete control over infected devices to steal documents or download and operate additional malware. Raff told Reuters that he didn't know what the hackers did while owning the Israeli computers. "All we know is at least one computer at the Civil Administration was in control of the attackers; what they did we don't know," he said.

A spokesperson for the Civil Administration, Guy Inbar, refused to confirm the hacks, telling Reuters, "We are not commenting on it, we don't respond to such reports." Raff also declined to identify the other 14 computers. Nevertheless, reports Reuters, "An Israeli source who spoke on condition of anonymity said these included companies involved in supplying Israeli defense infrastructure."

iHLS, an Israeli news service that specializes in 'homeland security' information, reported this morning, "In its response the Israeli government didn’t include any specific information regarding this latest development. According to the Defense Ministry Spokeswoman the Civilian Administration computers are under IDF jurisdiction and the events are being analyzed by the military’s C4I Branch. According to the statement the Defense Ministry has no information about a recent attack on its computers and the issue is under investigation."

A successful breach of the Civil Administration computer is potentially concerning for the Israeli security services since one of the functions of the Civil Administration is to issue entry permits for Palestinians who work in Israel.
