Hezbollah appears to be learning from Hamas on how to successfully target users around the world. Just like when Hamas targeted Israeli soldiers, Hezbollah was found to be using fake accounts featuring attractive young women to trick online users into clicking links to download malware. The attack was traced by to servers located in the Czech Republic by Czech Security Intelligence Service (BIS) and has been shut down. The campaign appears to have started somewhere around the start of 2017. The campaign was run through Facebook to contact targets before convincing them to install third party messaging applications which were then used to deliver malicious payloads. The servers which were located in the Czech Republic, don’t appear to be the only ones for this operation, a number of other servers have been identified in other parts of the EU and the U.S.
Intro The Binary Defense threat hunting team are experts on today’s threat actor groups. In