Explore the latest news and trends  

Sign up for our weekly security newsletter


Be the first to receive important updates on security





Send

‘Rocket Kitten’ Targets Organisations in Israel and Europe


Trend Micro, a security firm, has disclosed a fresh targeted attack against European and Israel organizations which was launched by the state-backed threat group called 'Rocket Kitten'.

The firm said that the campaign Woolen-GoldFish is a dissimilar set-up from a previous effort by the group.

Trend Micro said in a fresh report that the previous attack depended on a spear-phishing email loaded with a tainted attached Office file and GHOLE malware started to download whenever users had to permit macros to witness the content of the attachment.

This new operation contains an improved and more reliable spear-phishing element with restricted content designed to persuade the user to click through.

It also replaces the nasty attachment with a link of Microsoft OneDrive which leads to a malevolent PowerPoint file known as 'Iran's Missiles program.ppt.exe.' The report claimed that this tactic could have been developed to help the attack avoid the email security.

The executable then drops a CWoolger keylogger's version on the machine of the victim to hover up the details. The authors of this report claim that this malware is not as sophisticated as its contemporaries.

Interestingly, Trend Micro has found many clues which suggest a connection between Rocket Kitten and Iran. Metadata of the malicious files reveal that many individuals have contributed to the development of the malware but the main author is apparently using the online moniker "Wool3n.h4t."

Researchers say that a blog is hosted by a free service in Iran with the help of Wool3n.h4t. The blog is presently not active and hosted posts published by a user known as "Masoud pk," which may be the real identity of Wool3n.h4t. If Wool3n.h4t is the name of Masoud, then he could be Iranian because it is one of the top 50 most common names in Iran.

Experts analyzed the command and control (C&C) servers used by the GHOLE malware and found a connection with Iran.

V3.co.uk published a report on 19th March, 2015 quoting a paper as "threat actors involved in Operation Woolen Goldfish consistently using other malware with command and control reference is hard-coded as an IP address in the binary. A domain name was not used and moreover it lands on the system with a name which is very similar to some variants of Ghole malware (used by Rocket Kitten)."

» SPAMfighter News - 3/30/2015

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page
Next