Fake Facebook profiles: Hackers posed as flirtatious women to target Israeli officials

Hackers with suspected ties to Hamas targeted Israeli defense, law enforcement and emergency service organizations by setting up bogus accounts that appeared to be women on Facebook, according to the Israeli cybersecurity firm Cybereason Inc. 

The fake Facebook profiles were regularly maintained, conversed in Hebrew and interacted with Israeli citizens to boost their credibility, the researchers said. Attackers befriended connections of targeted individuals, earning the victims' trust before starting intimate conversations and suggesting the conversations move to WhatsApp, according to a Cybereason report published Wednesday. Ultimately, the hackers tried duping victims into downloading malicious code that would give attackers complete access to their devices, including a phone's camera, email and text messages. 

“The operators seem to have invested considerable effort in ‘tending' these profiles, expanding their social network by joining popular Israeli groups, writing posts in Hebrew, and adding friends of the potential victims as friends,” the Cybereason report stated. The purpose of the hacking campaign was to extract sensitive information for espionage, Cybereason said. 

The attackers also urged victims to open a file purportedly containing a video with sexual content. In fact, the file contained malware and infected a victim's device when opened, according to the researchers. “The video is meant to distract the victim from the infection process that is happening in the background,” according to the report.

Cybereason attributed the attack with moderate-high confidence to an alleged Hamas-supported hacking group called APT-C-23, according to the report. 

In this instance, the group targeted dozens of people and successfully infected devices and computers, according to Cybereason researchers, who declined to identify the victims. The attacks, dubbed Operation Bearded Barbie, reveals the extent that Hamas, the Islamic militant group that rules the Gaza Strip, has improved its cyber capabilities, the researchers said. The company didn't disclose how many devices were infected. 

“The use of meticulous social engineering combined with sophisticated attack tools may cause great damage to the state of Israel,” Lior Div, chief executive officer of Cybereason said in a statement. 

A representative from Hamas declined to comment. An Israeli military spokesperson didn't respond to a request for comment before press time. 

Cybereason alerted Meta Inc.'s Facebook abut its findings, resulting in Facebook shutting down the flagged accounts, according to Cybereason. A Facebook representative didn't immediately respond to a request for comment.

Alleged Hamas-aligned hackers have previously tried romance scams to lure victims in a less sophisticated manner. In 2017, Hamas was accused of using photos of attractive women to trap hundreds of Israeli soldiers into conversations on Facebook's Messenger in an operation designed to gather information on military plans and deployments. 

In the more recent effort, hackers masquerading as women on Facebook sought to make conversation with their targets during working hours so that they could persuade them to download the software onto the “war computers” at their place of work, thus gaining access to even more sensitive information, according to Cybereason.