Palestine-Aligned Hackers Use New NimbleMamba Implant in Recent Attacks

An advanced persistent threat hacking group operating with motives that likely align with Palestine has embarked on a new campaign that leverages a previously undocumented implant called NimbleMamba.
"NimbleMamba uses guardrails to ensure that all infected victims are within TA402's target region," the researchers said, adding the malware "uses the Dropbox API for both command-and-control as well as exfiltration," suggesting its use in "highly targeted intelligence collection campaigns."
What's more, the attacks are said to have occurred in tandem with the aforementioned malicious activity targeting Palestine and Turkey.
More recent variations of the campaign in December 2021 and January 2022 have involved the use of Dropbox URLs and attacker-controlled WordPress sites to deliver malicious RAR files containing NimbleMamba and BrittleBush.
"TA402 continues to be an effective threat actor that demonstrates its persistence with its highly targeted campaigns focused on the Middle East," the researchers concluded.
"The [two] campaigns demonstrate Molerats' continued ability to modify their attack chain based on their intelligence targets."
News URL
https://thehackernews.com/2022/02/palestinian-hackers-using-new.html