Molerats Hackers Return With New Attacks Targeting Middle Eastern Governments (Security News, June 2021)

A Middle Eastern advanced persistent threat group has resurfaced after a two-month hiatus to target government institutions in the Middle East and global government entities associated with geopolitics in the region in a rash of new campaigns observed earlier this month.
Sunnyvale-based enterprise security firm Proofpoint attributed the activity to a politically motivated threat actor it tracks as TA402, and known by other monikers such as Molerats and GazaHackerTeam.
The latest wave of attacks commenced with spear-phishing emails written in Arabic and carrying PDF attachments that embed a malicious geofenced URL. The URL selectively directs victims to a password-protected archive only if the source IP address belongs to one of the targeted countries in the Middle East.
The last step in the infection chain involved extracting the archive to drop a custom implant called LastConn, which Proofpoint said is an upgraded or new version of a backdoor called SharpStage that was disclosed by Cybereason researchers in December 2020 as part of a Molerats espionage campaign targeting the Middle East.
"TA402 is a highly effective and capable threat actor that remains a serious threat, especially to entities operating in and working with government or other geopolitical entities in the Middle East," the researchers concluded.
"It is likely TA402 continues its targeting largely focused on the Middle East region."
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/ZOPUT5vBMeU/molerats-hackers-return-with-new.html