Short News:-
As part of a spying campaign, the Molerats threat actor is using cloud services like Google Drive and Dropbox to host malware payloads, as well as for command-and-control and stealing data from Middle Eastern targets.
In July 2021, according to cloud-based information security company Zscaler, the hacking group continued previous efforts to conduct reconnaissance on target hosts and steal sensitive information.
Molerats, also known as TA402, Gaza Hackers Team, and Extreme Jackal, is an APT group targeting Middle Eastern targets. The actor's attacks have used geopolitical and military themes to entice users to open malicious Microsoft Office attachments and links.
The latest campaign from Zscaler uses decoy themes related to ongoing Israeli-Palestinian conflicts to deliver a.NET backdoor on infected systems that then abuses the Dropbox API to communicate with an adversary-controlled server and transmit data.
The implant can take snapshots, list and upload files in relevant directories, and run arbitrary commands. The researchers found at least five Dropbox accounts used for the attack infrastructure.
"The threat actor specifically targeted critical members of the banking sector in Palestine, Palestinian political parties, human rights activists and journalists in Turkey," said Zscaler ThreatLabz researchers Sahil Antil and Sudeep Singh.
Detailed News:-
It has been determined that the threat actor known as Molerats is engaged in an active espionage campaign, which involves the abuse of legitimate cloud services such as Google Drive and Dropbox to host malware payloads, as well as for command-and-control and the exfiltration of data from targets throughout the Middle East.
According to cloud-based information security company Zscaler, the cyber offensive has been ongoing since at least July 2021, and it is believed to be a continuation of previous efforts by the hacking group to conduct reconnaissance on the target hosts and steal sensitive information.
In addition to being known as TA402, Gaza Hackers Team, and Extreme Jackal, Molerats is a sophisticated advanced persistent threat (APT) organisation that primarily targets organisations operating in the Middle East. Exploiting geopolitical and military themes, the actor's attack activity has persuaded users to open Microsoft Office attachments and click on malicious links, resulting in a significant increase in the number of victims.
It is no different in that it makes use of decoy themes related to the ongoing conflict between Israel and Palestine in order to deliver a.NET backdoor on infected systems, which then exploits the Dropbox API to establish communications with an adversary-controlled server and transmit data.
The implant, which commandeers the compromised machine through the use of specific command codes, includes the ability to take snapshots, list and upload files in relevant directories, and run arbitrary commands on the compromised machine. When the researchers looked into the attack infrastructure, they discovered at least five Dropbox accounts that were being used for this purpose, they said.
In a statement, Zscaler ThreatLabz researchers Sahil Antil and Sudeep Singh stated that the campaign's targets were chosen specifically by the threat actor and included "critical members of the banking sector in Palestine, people associated with Palestinian political parties, as well as human rights activists and journalists in Turkey."
Post a Comment
Your suggestions and comments are welcome