<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=116645602292181&amp;ev=PageView&amp;noscript=1">

Threat Alert:

MoleRATs & Pierogis

threat-alert-badge-orange

Threat Overview

cr-icon-threat-type
Threat Type
Backdoor
Target Industries
Target Industry
Government Entities
cr-icon-attack-goal
Attack Goal
Cyber Espionage
cr-icon-impacted-geo
Impacted GEO
The Middle East

What's Happening?

The Cybereason Nocturnus team has discovered several recent, targeted attacks in the Middle East. These attacks deliver the Spark and Pierogi backdoors for politically-driven cyber espionage operations.

The modus-operandi of the attackers in conjunction with the social engineering tactics and decoy content seem aligned with previous attacks carried out by the Arabic-speaking APT group MoleRATs (aka Gaza Cybergang). This group has been operating in the Middle East since 2012.

Read The Full Research

KEY OBSERVATIONS & TTPS


  • Targeting Palestinians: The campaigns seems to target Palestinian individuals and entities, likely related to the Palesitinian government.
  • Politically-motivated APT: Cybereason suspects that the objective of the threat actor is to obtain sensitive information from the victims and leverage it for political purposes.
  • Lured Into Deploying a Backdoor: The attackers use specially crafted lure content to trick targets into opening malicious files that infect the victim’s machine with a backdoor. The lure content in the malicious files relates to political affairs in the Middle East, with specific references to the Israeli-Palestinian conflict, tension between Hamas and Fatah, and other political entities in the region.

Remediation Steps

cr-icon-remediate-disable

Consider social engineering awareness and training, which are key in preventing such attacks.

cr-icon-block-executable

Disable macros and install an endpoint protection solution to help mitigate similar attacks.

Asset 3

Periodically proactively hunt in your environment for sensitive assets.

antivirus-01
Prevented & Detected by the Cybereason Defense Platform

CYBEREASON CUSTOMERS

We highly recommend every customer enable the following features:

  • If you do not have Cybereason NGAV activated, consider doing so to prevent against threats like these.
  • For Cybereason MDR customers, the Cybereason team will monitor and triage as well as assist in the mitigation of potential infections.

Download This Threat Alert

SUFFERED A BREACH?
TALK TO A SPECIALIST