The hypothesis is emerging that Syria, besides having been subjected to the USA-UK-French action, was also the victim of a cyberwarfare action
In Syria, the USA-UK-French attack against the regime of Bashar Assad was probably not the only one. There is also the hypothesis of a cyber offensive. In the last hours, Damascus state TV reported a new launch of missiles in the region of Homs, with the result that the air defenses of the Middle Eastern country were activated. Among other things, a military base at Shayrat was targeted, the same one that was attacked by the USA last year after the massacre caused by the gas attack of Khan Sheikhun. Washington immediately denied any involvement in the matter. Then, after a few hours, ranking Syrian sources denied the incident, calling it a false alarm. However, events may have unfolded differently. Local and international sources suggested that somebody had launched a cyberwarfare action against the reporting and controlling centre of Damascus. This structure receives all the information related to the protection of the national air space and forwards it to the competent units.
Certain elements suggest that the reporting and controlling centre could have been hacked, generating false positives on the presumed arrivals of missiles
The compromise of the Syrian reporting and controlling centre would have generated a false positive on an attack and raised an alarm on the Damascus air defense systems. These reacted immediately to the threat, taking action. What is not clear, however, is whether the missiles were launched or not. The Syrian Observatory for Human Rights (SOHR) reports strong explosions in the vicinity of the base of Shayrat. But as reported by Repubblica, Rami Abdel, the person in charge of it, specified that the missiles did not hit any of the air bases of the Assad regime. The case of Homs, therefore, might not be an isolated episode. According to the daily newspaper Al-Masdar, the Syrian air defense responded to an attack by unidentified missiles on the outskirts of Damascus. Three devices were reportedly aimed at the airport of Dumair. But this too turned out to be a false alarm.
Although there is no confirmation, all eyes are on the USA and Israel. The two countries have carried out successful cyber offensives in the past. It is sufficient to remember Stuxnet and Iran.
Suspicions that it was a cyberwarfare operation are growing. It remains to be understood who did it. Although it is not confirmed yet, all eyes are on the USA and Israel, the two countries which have successfully operated in this field in the past. It is sufficient to remember the computer virus Stuxnet, the worm which sabotaged the centrifuges in the Iranian nuclear power plant of Natanz. In this circumstance they could have carried out a similar hacking or infection operation with two objectives: the first, to test Syrian cyber defense, mainly in relation to air defense and response time; the second, to send a clear message to Damascus: be careful, because we can hit you at any moment, silently and successfully.