Israel-Hamas War Spotlight: Shaking the Rust Off SysJoker

Check Point Research has been tracking SysJoker, a multi-platform backdoor believed to be used by a Hamas-affiliated threat actor against Israel. The malware’s code has been entirely rewritten in Rust, and OneDrive is now being used for storing dynamic C2 server URLs. There is similarity between new SysJoker variants and previously undisclosed instances of Operation Electric Powder, a series of targeted attacks on Israeli organizations in 2016-2017.