Organizations in MENA Region Attacked by Middle Eastern Threat Group - Kaspersky


Kaspersky Lab recently reported that a Middle Eastern Threat Group has been targeting organisations in the MENA (Middle East North Africa) region through their IT and Incident Response (IR) staff.

The politically motivated threat actor, known as "Gaza cybergang" and "Gaza Hackers Team", has been active since at least 2012, but its activities increased in the second quarter of 2015.

Experts believe that the attackers are targeting IT and IR teams because compromising the computers of such personnel lets them penetrate deep into the organization's network.

Securityweek.com published news on 29th September, 2015 quoting the Global Research & Analysis Team of Kaspersky as explaining "IR people are also known to have access to sensitive data related to ongoing cyber investigations in their organisations in addition to special access and permissions enabling them to search for malicious or suspicious activities on the network."

Researchers say that the Gaza cybergang's efforts presently seem to focus on government entities, especially embassies, in countries like Egypt, Yemen and the United Arab Emirates (UAE).

The researchers say that these groups mainly use the common remote access Trojans (RATs) PoisonIvy and XtremeRAT as infection modules. These malware strains hijack a system to enable the installation of backdoors, file uploading, remote shell code execution, and the download and exploitation of running processes and PC registries.

The Gaza group takes particular interest in government entities and embassies, and frequently uses file names and domains - for example, gov.uae.kim - to refine its social engineering techniques and have a higher chance of tricking victims.

The group also renames its malware files to look like genuine software, using file names such as WinRAR.exe, Microsoft Log.exe, WindowsUpdate.exe, Skype.exe and Kaspersky.exe.

In one particular campaign, they tried to avoid detection by signing malware with a counterfeit Kaspersky Lab certificate.
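A defender-side check for the file-name masquerading and counterfeit signing described above, added here as an example and not taken from Kaspersky or the original article. The event fields (`image`, `signer`, `chain_trusted`), the directory markers and the sample events are assumptions constructed for illustration; map them to whatever your process-creation telemetry provides.

```python
import ntpath

# File names the article lists as used to disguise the malware.
WATCHED_NAMES = {"winrar.exe", "microsoft log.exe", "windowsupdate.exe",
                 "skype.exe", "kaspersky.exe"}

# Assumption: user-writable locations where vendor software is not normally installed.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\")


def masquerade_findings(event):
    """Return the reasons a process event looks like a renamed impostor."""
    image = event["image"]
    if ntpath.basename(image).lower() not in WATCHED_NAMES:
        return []
    reasons = []
    if any(marker in image.lower() for marker in USER_WRITABLE_MARKERS):
        reasons.append("runs from a user-writable directory")
    if not event.get("signer"):
        reasons.append("unsigned")
    elif not event.get("chain_trusted", False):
        # A familiar publisher string proves nothing on its own: a counterfeit
        # certificate can carry any name, so require a validated chain.
        reasons.append("signer name present but certificate chain not trusted")
    return reasons


def triage(events):
    """Map each suspicious image path to its list of findings."""
    return {e["image"]: r for e in events if (r := masquerade_findings(e))}


# Constructed sample events (hypothetical schema, not real telemetry).
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\WinRAR\WinRAR.exe",
     "signer": "Example Vendor", "chain_trusted": True},
    {"image": r"C:\Users\alice\AppData\Local\Temp\Kaspersky.exe",
     "signer": "Kaspersky Lab", "chain_trusted": False},
    {"image": r"C:\Users\alice\Downloads\Microsoft Log.exe",
     "signer": None, "chain_trusted": False},
    {"image": r"C:\Windows\System32\notepad.exe",
     "signer": None, "chain_trusted": False},
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_EVENTS).items():
        print(path, "->", "; ".join(reasons))
```
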

The Gaza criminal group first appeared in 2012. FireEye analyzed the campaign, nicknamed Molerats, and found that it attacked the government of Israel and Palestinian targets, plus the US and UK. Tainted .RAR files were employed in phishing operations to inject malware into victims' machines, aiming to compromise systems and steal data.

» SPAMfighter News - 10/6/2015
