The Cybereason Nocturnus Team has identified an active espionage campaign attributed to the threat actor known as Molerats that employs three previously unidentified malware variants that abuse Facebook, Dropbox, Google Docs and Simplenote for command & control and the exfiltration of data from targets across the Middle East.
The newly discovered backdoors have been observed being used in conjunction with the Spark backdoor previously attributed to Molerats. The attackers also used the new espionage tools to download additional payloads including the infamous open-source Quasar RAT that was used previously by Molerats.
Proactively and periodically hunt for potential attacks on sensitive assets.
Consider social engineering awareness and training, which are key in preventing phishing attacks.
Monitor for suspicious external network traffic including traffic to legitimate platforms that could be abused for C2 and exfiltration.
Ensure antivirus is deployed and up to date on all endpoints.
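The monitoring recommendation above is harder than it sounds because the abused services (Facebook, Dropbox, Google Docs, Simplenote) are legitimate and usually allowed. The following Python script is an added example, not code from Cybereason or from the report, of one practical way to surface abuse of such platforms from proxy logs: it groups requests per source host and service, then flags regular fixed-interval request patterns (beaconing) and unusually large upload volumes (possible exfiltration). The domain list, the log format, the sample log lines and the thresholds are all assumptions constructed for illustration; tune them against your own baseline.

```python
"""Flag hosts whose traffic to legitimate cloud services looks like C2 beaconing
or bulk exfiltration. Added example; log format and thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Platforms the report names as abused. The hostnames are assumptions chosen
# for illustration; map whatever your proxy actually records.
WATCHED_DOMAINS = {
    "api.dropboxapi.com": "Dropbox",
    "content.dropboxapi.com": "Dropbox",
    "graph.facebook.com": "Facebook",
    "docs.google.com": "Google Docs",
    "app.simplenote.com": "Simplenote",
}

# Constructed sample proxy log (not real data).
# Fields: timestamp src_ip method host bytes_out bytes_in
SAMPLE_LOG = """\
2020-12-01T09:00:00 10.1.1.7 GET docs.google.com 512 20480
2020-12-01T09:00:00 10.1.1.9 POST api.dropboxapi.com 300 200
2020-12-01T09:05:00 10.1.1.9 POST api.dropboxapi.com 310 210
2020-12-01T09:10:00 10.1.1.9 POST api.dropboxapi.com 305 205
2020-12-01T09:15:00 10.1.1.9 POST api.dropboxapi.com 298 215
2020-12-01T09:20:00 10.1.1.9 POST api.dropboxapi.com 301 199
2020-12-01T09:25:00 10.1.1.9 POST api.dropboxapi.com 303 207
2020-12-01T09:02:13 10.1.1.12 POST content.dropboxapi.com 4200000 120
2020-12-01T09:03:40 10.1.1.12 POST content.dropboxapi.com 3900000 118
2020-12-01T09:30:00 10.1.1.7 GET www.example.com 400 9000
"""


def parse_log(text):
    """Parse the whitespace-separated log format above into dict records."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, method, host, out_b, in_b = line.split()
        records.append({
            "ts": datetime.fromisoformat(ts),
            "src": src,
            "method": method,
            "host": host,
            "bytes_out": int(out_b),
            "bytes_in": int(in_b),
        })
    return records


def analyze(records, min_beacons=5, max_cv=0.2, exfil_bytes=1_000_000):
    """Return findings per (source host, platform).

    beaconing:   at least `min_beacons` requests whose inter-request gaps have a
                 coefficient of variation (stdev / mean) of at most `max_cv`,
                 i.e. a suspiciously regular check-in cadence.
    bulk_upload: total bytes sent to the platform at or above `exfil_bytes`.
    """
    sessions = defaultdict(lambda: {"times": [], "bytes_out": 0})
    for r in records:
        platform = WATCHED_DOMAINS.get(r["host"])
        if platform is None:
            continue  # only traffic to the watched services is scored
        s = sessions[(r["src"], platform)]
        s["times"].append(r["ts"])
        s["bytes_out"] += r["bytes_out"]

    findings = []
    for (src, platform), s in sorted(sessions.items()):
        reasons = []
        times = sorted(s["times"])
        if len(times) >= min_beacons:
            gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
            avg = mean(gaps)
            if avg > 0 and pstdev(gaps) / avg <= max_cv:
                reasons.append("beaconing")
        if s["bytes_out"] >= exfil_bytes:
            reasons.append("bulk_upload")
        if reasons:
            findings.append({
                "src": src,
                "platform": platform,
                "requests": len(times),
                "bytes_out": s["bytes_out"],
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in analyze(parse_log(SAMPLE_LOG)):
        print(f"{f['src']:<12} {f['platform']:<12} requests={f['requests']:<3} "
              f"bytes_out={f['bytes_out']:<9} {','.join(f['reasons'])}")
```

Two caveats apply in practice. First, the hostnames are only visible if your proxy terminates TLS or at least logs the SNI; without that, resolve the destination IPs against the providers' published ranges instead. Second, a fixed upload threshold will produce noise from users who genuinely sync files, so compare each host against its own history (or its department's) rather than a single global number, and treat a hit as a lead for the hunting step above rather than as a verdict.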