top of page
  • Clipeus

TA402 Persistent Attacks On Israel

Checkpoint reports ongoing attacks against Israel attributed to TA402, a threat actor that has historically engaged in conducting espionage operations against governments in the Middle East and North Africa region. TA402 reportedly leveraged a Rust-written variant of the SysJoker backdoor, enabling trojan-like capabilities, including remote control. It serves as an access broker for the deployment of additional malware stagers.

The backdoor utilizes OneDrive to retrieve command-and-control (C2) information, enabling the actor to quickly change the C2 addresses and likely providing effective endpoint detection and response (EDR) evasion, as OneDrive is a high-reputation service.

TA402 has been linked to the so-called 'Gaza Hacker Team,' a threat actor believed to serve as the cyber arm of Hamas.

Clipeus covered TA402 in a post on November 14, referencing a separate Checkpoint analysis of a campaign in the Arabic language targeting the MENA region.

Recent Posts

See All

AcidPour Wiper Targets Linux Devices in Ukraine

A new iteration of the AcidRain wiper malware, dubbed AcidPour, has been identified by SentinelOne's threat intelligence division, SentinelLabs. AcidRain, linked to Russian military intelligence, gain


Commenting has been turned off.

If you are interested in specifics or additional insights on the threats above or any other threat, please visit our dedicated service page or reach out to with your inquiry. We would be glad to assist you

bottom of page