MoleRats Hackers make a Comeback Disseminating Trojan Poison Ivy
Security researchers at FireEye report that the hacker group behind the notorious online scam known as MoleRats is active again, this time employing a more sophisticated version of the well-known Trojan Poison Ivy.
The report on the new Poison Ivy scam comes from Thoufique Haq, Ned Moran and Nart Villeneuve of FireEye, who have released a paper titled "MoleRats: Middle East Cyber Attacks Using Poison Ivy." They observe that the scam is a more intense form of the earlier assaults, i.e. the MoleRats attack that started during 2012, when the intruders targeted several government agencies within Palestine and Israel to steal vital data.
The scheme targets widely, especially many government organizations, a few of them inside the UK, using an advanced Poison Ivy along with the XtremeRAT of the original assault.
Specifically, according to FireEye's report, the scheme has a wider set of targets than previously thought, as it also attacks government entities in the USA and UK. V3.co.uk published this on August 23, 2013.
FireEye researchers, who have named the targeted assaults "Operation MoleRats," state that these started with an ordinary spear-phishing e-mail and might have had an association with a hacker group known as the "Gaza Hackers Team."
When FireEye examined the assaults, it found that they either served harmful file attachments or were pushed through Dropbox files. The malware was created using a fake Microsoft certificate that made it look genuine to security checks. According to the company's investigators, the time stamps on a few malware samples suggest that Middle Eastern criminals may have been using Poison Ivy for years.
They wrote that they did not know whether the attack was part of a wider MoleRats scheme to redirect attribution to cyber-attackers based in China, or whether the group had simply added one more effective, freely obtainable RAT to the cyber-weapons it used. Nevertheless, because publicly available RATs are ubiquitous, they warned that not every Poison Ivy assault should be attributed to China-based cyber-attackers, and they contended that positive attribution is a growing challenge. Techweekeurope.co.uk published this on August 23, 2013.
The researchers added that with current events across the Middle East, especially in Egypt, gaining worldwide attention, the MoleRats campaign might go on exploiting such news as a catalyst for its attacks.
» SPAMfighter News - 29-08-2013