MoleRats APT Launches Spy Campaign on Bankers, Politicians, Journalists
2022-01-24 21:54

NET payload and command-and-control servers with previous MoleRats APT attacks.

"The targets in this campaign were chosen specifically by the threat actor and they included critical members of the banking sector in Palestine, people related to Palestinian political parties, as well as human rights activists and journalists in Turkey," Zscaler's analysts found.

The analysts also found overlapping domain SSL-certificate data in this attack and previous known MoleRats attacks, as well as common domains used for passive DNS resolution, the report added.

Zscaler tracked the attack chain back through Dropbox and discovered that the APT's machine is operating in the Netherlands with the same IP subnet as the C2, along with domains used in past MoleRats APT campaigns.

The most recent MoleRats attacks showed some innovation over previous campaigns in backdoor delivery, according to the report.

The Zscaler report comes amid a recent explosion of APT attacks, which are up more than 50 percent over the past year.


News URL

https://threatpost.com/molerats-apt-spy-bankers-politicians-journalists/177907/