First spotted in the Middle East and the US, the Molerats phishing campaign has been observed doing the rounds in Europe, specifically targeting government agencies, the BBC and other high-profile targets.
Gaza Hackers Team, the gang behind the attacks, is said to have been active for years and is known to use free, off-the-shelf remote access Trojans (RATs), including CyberGate, Bifrost, Poison Ivy and Xtreme RAT, among others.
“Between 29 April and 27 May, FireEye Labs identified several new Molerats attacks targeting at least one major U.S. financial institution and multiple European government organizations,” notes FireEye in its report.
The security company notes that the gang behind the Molerats attacks isn’t linked to any Chinese attackers. It has been actively tracking and attacking Palestinian and Israeli surveillance targets; government departments in Israel, Turkey, Slovenia, Macedonia, New Zealand, Latvia, the US and the UK; the British Broadcasting Corporation (BBC); and multiple European government organizations, among other targets.
What gives away that Gaza Hackers Team is behind the attacks is its reuse of previously seen command-and-control (C&C) infrastructure and its familiar modus operandi: spearphishing emails carrying a link to a binary that opens a decoy Word document while dropping a Trojan onto the victim’s system.
In its analysis, FireEye found phishing emails with URLs pointing to decoy Word files bundled with an Xtreme RAT binary. Other spearphishing emails dropped a decoy document written in Arabic whose title appears to be in Chinese; according to FireEye, “this could possibly be a poor attempt to frame China-based threat actors for these attacks.”
“There also appears to be a habitual use of lures or decoy documents – in either English or Arabic language – with content focusing on active conflicts in the Middle East,” noted FireEye.
“The lures come packaged with malicious files that drop the Molerats’ flavour of the week, which happen to all be Xtreme RAT binaries in these most recent campaigns.”