Security News > 2021 > December > Stealthy ‘WIRTE’ Gang Targets Middle Eastern Governments

A threat actor tracked as WIRTE has been assaulting Middle East governments since at least 2019 using "living-off-the-land" techniques and malicious Excel 4.0 macros.
In April 2019, Kaspersky Lab reported that it had observed MuddyWater exfiltrating data such as credentials from governmental and telco targets in the Middle East, using a relatively simple, expendable set of tools that revealed a moderately sophisticated threat actor at work - with the potential to get even more dangerous over time.
Specifically, the threat actor has expanded on MuddyWater's targeting: most victims are still Middle Eastern government and diplomatic entities, but the attacks are now also being launched against what researchers called the "unusual" victims of law firms and financial institutions.
In one case, the gang mimicked the Palestinian Authority, Kaspersky said.
"All in all, we believe that all these similarities are a strong indication that the attacks described in this report were conducted by the WIRTE threat actor," Kaspersky said.
A modified toolset enabled WIRTE to hide away for years, researchers added. The LotL techniques are "an interesting new addition to their TTPs," while the use of interpreted language malware such as VBS and PowerShell scripts distinguishes this suspected Gaza Cybergang from other subgroups, given that it gives them flexibility to "update their toolset and avoid static detection controls," Kaspersky said.
News URL
https://threatpost.com/wirte-middle-eastern-governments/176688/