WildCard
Description
(Intezer) Our research team has identified a new APT group, dubbed “WildCard,” initially detected through its use of the SysJoker malware, which targeted Israel’s educational sector in 2021. WildCard has since expanded its reach, creating sophisticated malware variants disguised as legitimate software, and a recently developed malware called ‘RustDown,’ written in Rust for potential operational advantages. Connections to Operation Electric Powder indicate WildCard’s advanced capabilities with a focus on critical sectors within Israel. While we’ve begun to understand WildCard’s tactics and methods, their precise identity is still enigmatic, demanding deeper analysis and collaboration within the infosec community.
Names
| Name | Name-Giver |
|---|---|
| WildCard | Intezer |
Country
Motivation
- Information theft and espionage
First Seen
2021
Observed Sectors
Observed Countries
Tools
Information
- https://intezer.com/blog/research/wildcard-evolution-of-sysjoker-cyber-threat/
- https://research.checkpoint.com/2023/israel-hamas-war-spotlight-shaking-the-rust-off-sysjoker/
Other Information
Uuid
d49566bf-86b1-4f36-9152-64ddf7f307e6
Last Card Change
2023-11-30