Arab hackers in Egypt and Palestine seem to have gone underground after a report surfaced on their activities by security vendor Trend Micro.
Various social media accounts belonging to Ebrahim Said El-Sharawy, alias DevHima, were shut down or altered in the wake of the report, which connected him to command and control (C&C) servers used to send instructions as part of Operation Arid Viper.
Despite the concealment the campaign appears to be going ahead as planned, with only minor alterations to the playbook.
"None of the C&C domains have moved to other hosting providers or had other major changes since the publishing of our report," Trend Micro wrote on its blog.
"Although we have not seen newly compiled samples being spread – we have seen two recent attempted infections with existing binaries from Arid Viper on the 15th and 19th of February against a target in Israel and Kuwait respectively."
Since the publishing evidence has also emerged that a Gmail account belonging to Khalid Samraa was merely used to register a web domain on behalf of one of the hackers, and did not indicate Samraa’s involvement in the campaign.
A Facebook account for Fathy Mostafa, who has also been linked by the company to C&C servers, has also been closed, with Trend Micro believing it was a response to the public disclosure of the campaign.
Content from our partners
