Hamas-Linked Hackers Add Insurance and Retail to Target List

MoleRATs, a politically motivated threat actor apparently linked to the Palestinian terrorist organization Hamas, has expanded its target list to include the insurance and retail industries, Palo Alto Networks’ security researchers report.


Also referred to as Gaza Hackers Team, Gaza Cybergang, Extreme Jackal, Moonlight, and DustySky, the advanced persistent threat (APT) group has been active since at least 2011, targeting various governmental organizations around the world, as well as telecommunications companies.


Between October 2 and December 9, 2019, the hacking group was observed targeting eight organizations in six different countries. The victims are from the government, telecommunications, insurance and retail industries, with the last two representing atypical targets for the group.


The targets were located in the United Arab Emirates, the United Kingdom, Spain, the United States, Djibouti, and Saudi Arabia.


All attacks used similar email subjects and attachment file names, but no specific social engineering themes were employed, which likely diminished the efficiency of the attempts.


Spear-phishing emails were leveraged to deliver malicious documents — mostly Word documents, but also one PDF — which in turn attempted to trick the intended victim into enabling content to run a macro, or force them into clicking a link to download a malicious payload.


The Spark backdoor was used in most of these assaults, allowing the attackers to open applications and run command line commands on the compromised system. The malware has been attributed to the Gaza Cybergang before and appears to have been used by the group since at least 2017.


To avoid detection and impede analysis, the hackers password-protected the delivery documents, ensured that the Spark payload would only run on systems with an Arabic ..
