Security News > 2020 > December > New Backdoors Used by Hamas-Linked Hackers Abuse Facebook, Dropbox
Two new backdoors have been attributed to the Molerats advanced persistent threat group, which is believed to be associated with the Palestinian terrorist organization Hamas.
In early 2020, security researchers at Cybereason's Nocturnus group published information on two new malware families used by the APT, namely Spark and Pierogi.
The security researchers also identified new activity targeting Turkish-speaking entities with the Spark backdoor, as well as a separate campaign in which a new Pierogi variant is used against targets also infected with DropBook, SharpStage, and Spark.
"The newly discovered backdoors were delivered together with the previously reported Spark backdoor, which along with other similarities to previous campaigns, further strengthens the attribution to Molerats," Cybereason notes.
"The discovery of the new cyber espionage tools along with the connection to previously identified tools used by the group suggest that Molerats is increasing their espionage activity in the region in light of the current political climate and recent events in the Middle East," Cybereason concludes.
News URL
Related news
- Salt Typhoon hackers backdoor telcos with new GhostSpider malware (source)
- RomCom hackers chained Firefox and Windows zero-days to deliver backdoor (source)
- Hackers exploit ProjectSend flaw to backdoor exposed servers (source)
- Hackers Target Uyghurs and Tibetans with MOONSHINE Exploit and DarkNimbus Backdoor (source)
- Winnti hackers target other threat actors with new Glutton PHP backdoor (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)