Malware bundled with Middle East conflict news targets media and governments


by Jimmy Nicholls | 02 June 2014

Hack associated with anti-Zionist group has resurfaced in May.

Malware previously associated with anti-Zionist hacktivists was employed again last month against the BBC, a Middle Eastern diplomatic body and governments including the UK, the US and Israel.

So-called "molerats" use decoy documents ostensibly containing information on Middle Eastern conflicts to open systems to remote access tools (RAT), a method that has previously been linked to the Gaza Hacker Team, who defaced the Chief Rabbinate's website in 2012.

An analysis by the malware security firm FireEye said: "Although a large number of attacks against our customers appear to originate from China, we are tracking lesser-known actors also targeting the same firms."

Molerats use backdoor entry techniques to compromise systems, with recent attempts connected to RAT software such as Poison Ivy (PIVY) or Xtreme RATs, which allow someone to take control of a remote computer anywhere in the world.

"Molerats campaigns seem to be limited to only using freely available malware," FireEye added. "However, their growing list of targets and increasingly evolving techniques in subsequent campaigns are certainly noteworthy."

Targets of the attacks included a number of Western governments, as well as Israeli and Palestinian surveillance targets, and the Office of the Quartet Representative, a body that protects EU, US, Russian and UN interests within Israel and Palestine.

Other molerat targets during May included a major US financial institution, Turkey and several European government organisations.

RATs have been described by FireEye as an "ancient pest", and "the hacker's equivalent of training wheels". Though associated with novice hackers or "script kiddies", RATs have been described as "a linchpin of many sophisticated cyber attacks" by the security firm.

Last summer the firm published a report detailing the use of Poison Ivy among Middle Eastern hackers in combination with spear phishing. Victims were sent tainted RAR files, either through email or via a link to an online storage service such as Dropbox.

The Gaza Hacker Team was previously linked to an incident that saw Israel disable internet access for its police force and ban the use of memory sticks in October 2012, and is reported to have been attacking Israeli websites since 2008.

Source: Company Press Release
