Security News > 2022 > February > MoleRats APT Flaunts New Trojan in Latest Cyberespionage Campaign

Known Palestinian threat actor MoleRats is likely behind a recent malicious email campaign targeting Middle Eastern governments, foreign-policy think tanks and a state-affiliated airline with a new intelligence-gathering trojan dubbed NimbleMamba, researchers said.

Researchers from Proofpoint said they have observed a spear-phishing campaign using multiple vectors since November that they believe is the work of TA402, more commonly known as MoleRats and linked to the Palestinian Territories, according to a report posted online Tuesday.

The campaign uses various phishing lures and includes tactics not only to avoid being detected but also to ensure that its core malware payload only attacks specific targets, Proofpoint researchers wrote in the report.

NET executable using third-party obfuscators, is an intelligence-gathering trojan researchers believe is a replacement for previous malware used by TA402, LastConn. "NimbleMamba has the traditional capabilities of an intelligence-gathering trojan and is likely designed to be the initial access," researchers wrote.

Researchers from Zscaler have already observed MoleRats targeting prominent Palestinians, as well as activists and journalists in Turkey, with spyware in a previously identified attack in January.

In this variation, MoleRats "Slightly adjusted their attack chain by inserting an additional actor-controlled WordPress URL," researchers wrote.

News URL

https://threatpost.com/molerats-apt-trojan-cyberespionage-campaign/178305/