Threat Intelligence Tarot
cups · 8
Palestine (Hamas-affiliated, suspected)
G0021★★★★★
risk 3/5
✦ The Gaza Whisper ✦
Molerats
Gaza Cybergang · TA402 · Extreme Jackal
IsraelPalestinian authorityEgyptSaudi ArabiaMiddle East governments
Active since ~2012 · Israeli intelligence collection, Middle East political monitoring, Palestinian diaspora surveillance
The Gaza Whisper has operated through wars, ceasefires, and political crises - quietly, from within the conflict itself. It uses the news as its lure: the latest rocket attack, the peace negotiation, the humanitarian crisis. Every headline is a phishing opportunity.
Tactics & Techniques
RCN
RDV
INI
EXC
PRS
PRV
EVA
CRD
DSC
LAT
COL
C2
EXF
IMP
Notable Operations
- ◆Operation Parliament - senior government officials across Middle East (2018)
- ◆KASPERAGENT and MICROPSIA malware campaigns
- ◆Palestinian conflict-themed lures targeting Israeli government
- ◆Decade-long persistent targeting of the Israeli-Palestinian conflict zone
Defenses
- ▸Middle East geopolitical news themed phishing awareness trainingNIST SP 800-50 ↗
- ▸Email attachment sandboxing for Arabic-language documentsCIS Control 9 ↗
- ▸Endpoint keylogger and screen capture detectionNIST CSF: DE.CM ↗
- ▸Regional threat intelligence for Middle East government sectorsNIST CSF: ID.RA ↗
Reversed: Their Weakness
Molerats' operation from within an active conflict zone creates unusual constraints - infrastructure disruptions, power outages, and regional internet instability affect operations as much as they affect victims, creating intermittent campaigns that make tracking difficult but reveal operational geography.
Share this adversary profile
swipe to browse
Related Adversaries
Data sourced from MITRE ATT&CK. For educational purposes.