Hackers from Middle East Target US and Europe
Security researchers of security firm FireEye revealed recently that Molerats, which is a hacker group of Middle East, attacked many major public sector organizations including BBC (British Broadcasting Corporation) and some sections of European government during the month of April and May.
According to FireEye, latest attacks to establish espionage operations on digital infrastructure of targets happened between 29th April and 27th May 2014 and actions of Molerats have further added weight to concerns regarding growing cyber crimes originating from Middle East.
Researchers are confused with the motives of perpetrators whose targets included Israel, Palestine, Turkey, Slovenia, Macedonia, New Zealand and Latvia along with government bodies in the US and UK.
FireEye explained that employees of targeted organizations received emails from Molerats with links and attachments luring them with promise of information of their interest on clicking the link but in the process it downloads a kind of malware namely Xtreme RAT (Remote Access Trojan).
Molerats gang is not employing any unfamiliar sophisticated malware to expand its campaign since its activity has picked up in the last month. Molerats is mostly using malware in their campaign which is available freely on the Internet.
Eweek.com published a report on 2nd June, 2014 quoting Ned Moran, Senior Malware Researcher of FireEye as saying "We have not seen them use or exploit any zero-day vulnerabilities."
Although Molerats attackers are not employing zero-day vulnerabilities, they are making it more difficult for security pundits to detect the attack campaigns. The cybercriminals are using varying server ports to converse and they use elusive techniques while using common ports. The security firm (referring to FireEye) report on usage of port 443 by Molerats attackers, which is normally linked to encrypted SSL/HTTPS traffic, reveals that cyber crooks are not actually using SSL.
This is not the first time the Molerats group has struck as according to FireEye, it has previously attacked in October 2011 using the off-the-shelf Poison Ivy RAT on almost everybody of US and UK governments including Tony Blair, the former British prime minister and current Middle East peace envoy.
» SPAMfighter News - 10-06-2014