A new cyber espionage campaign that uses popular social media and cloud platforms to target high-ranking politicians has been revealed following an investigation by Cybereason. The campaign has been observed operating mainly across the Middle East, and researchers believe it targets high-ranking politicians and government officials in the region. Cybereason reports that the APT group "Molerats", which has been active in the Middle East since 2012, appears to be behind this espionage campaign. The hacker team has previously used Spark and Pierogi to perform targeted attacks against Palestinian officials.
The new spy campaign uses three advanced, previously unknown malware variants: two backdoors called SharpStage and Dropbox and a downloader called MoleNet. These are designed to "leverage" Facebook, Dropbox, Google Sheets and Simplenote, with the cybercriminals aiming to steal sensitive and confidential data from their targets' computers.
Cybereason added that these new malware variants were used in conjunction with the Spark backdoor previously attributed to the Molerats APT group, as well as with payloads, including the open source Quasar RAT, known to have been used by that group.
As reported by Infosecurity Magazine, phishing is another aspect of this spy operation, focusing on sensitive political issues in the Middle East, including Israeli-Saudi relations, the Hamas election, and even a secret meeting between the US Secretary of State, the Israeli Prime Minister and the Prince of Saudi Arabia, Mohammed bin Salman.
Lior Div, co-founder and CEO of Cybereason, said that while it is not surprising that hackers exploit politically charged events to fuel their phishing campaigns, it is worrying that more and more social media platforms, as well as other legitimate cloud services, are being used for data theft and other malicious hacker activities.