
Palestine-Aligned Hackers Use New NimbleMamba Implant in Recent Attacks
2022-02-08 23:20

An advanced persistent threat hacking group operating with motives that likely align with Palestine has embarked on a new campaign that leverages a previously undocumented implant called NimbleMamba.

"NimbleMamba uses guardrails to ensure that all infected victims are within TA402's target region," the researchers said, adding the malware "uses the Dropbox API for both command-and-control as well as exfiltration," suggesting its use in "highly targeted intelligence collection campaigns."

What's more, the attacks are said to have occurred in tandem with the aforementioned malicious activity targeting Palestine and Turkey.

More recent variations of the campaign in December 2021 and January 2022 have involved the use of Dropbox URLs and attacker-controlled WordPress sites to deliver malicious RAR files containing NimbleMamba and BrittleBush.

"TA402 continues to be an effective threat actor that demonstrates its persistence with its highly targeted campaigns focused on the Middle East," the researchers concluded.

"The [two] campaigns demonstrate Molerats' continued ability to modify their attack chain based on their intelligence targets."


News URL

https://thehackernews.com/2022/02/palestinian-hackers-using-new.html