A phishing attack launched against the cyber espionage organisation of the Palestinian government

Last year cyberespionage organisation against Palestinian law enforcement agencies has now launched a re-attack against Palestinian government officials. According to a survey by Israeli network security company Check Point, the new attack began in March 2018 and appeared to be consistent with a set of operations detailed in the two reports of Cisco Talos and  Palo Alto Networks last year. The report describes the spear phishing attacks against Palestinian law enforcement agencies. Malicious emails attempt to infect victims through Micropsia info stealer, a Delphi-based malware that contains many references from Big Bang and Power. The string of the game’s episode character.

Now the same cyberespionage organisation seems to be reappearing. The only thing they have changed is malware, now using C++ encoding. Like Micropsia, the new malware is also a powerful backdoor that can be extended at any time using the second stage module. According to Check Point, the organisation uses the improved backdoor to infect victims to collect fingerprints from victim workstations, then collects the names of .doc, .odt, .xls, .ppt, and .pdf files and sends the list to the attack. Server.

This year the organisation appears to be a member of the Palestinian National Authority, and the theme of the spear phishing email is a monthly news report from the Palestinian Political and National Steering Committee, sent to relevant personnel of the agency. Unlike 2017, this malicious attachment is a compressed file containing the bait file and the malware itself.

Check Point believes that behind these attacks is an APT organisation called Gaza Cybergang, also known as Gaza Hackers / Molerats, which in 2016 linked the organisation to the terrorist organisation Hamas. Last week, the Israeli government accused Hamas of trying to lure soldiers into installing malware on their phones.

Source: bleepingcomputer

Support Our Threat Intelligence

If you find our CVE report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal

Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy

Written by

@DdoS · Security Researcher

Do Son

Do Son is the Founder and Editor of SecurityOnline.info. Working in cybersecurity since 2013, he reports on vulnerabilities, malware, and emerging threats, providing timely analysis to help organizations and individuals stay ahead of evolving risks.