Israel Police disconnected their computers from the network due to RAT infestation
Trend Micro engineers obtained the malware responsible for the Israeli Police Department computer infestation that made them take their systems offline last Thursday; the analysis showed that it is a so-called Remote Access Trojan (RAT).
As we can read in The Times of Israel, investigations regarding this problem showed that the police servers and user desktops may have been compromised a week before the presence of this piece of malware was first discovered.
The attack was not very elaborate: the malware was delivered via an email titled “IDF strikes militants in Gaza Strip following rocket barrage”, sent from the email@example.com email address.
Of course, some of the users who received the email were tricked into believing that it was actually sent by Benny Gantz, the current Chief of General Staff of the Israel Defense Forces, and downloaded and opened the attached Report & Photos.rar file.
This file was Xtreme RAT, a piece of software that can receive commands from remote attackers, take screenshots, record audio and steal information from infected machines. This version of the malware is also Windows 8 compatible.
It is known that the Israeli police prohibit employees from using outside media (USB drives, portable disks, etc.) on police computers, but from now on they will definitely also have to run some security training for them.
It is still unknown who launched the attack, but there is speculation that it was run by Iranian state-sponsored hackers.