OilAlpha: Emerging Houthi-linked Cyber Threat Targets Arabian Android Users
2023-05-17 13:44

A hacking group dubbed OilAlpha with suspected ties to Yemen's Houthi movement has been linked to a cyber espionage campaign targeting development, humanitarian, media, and non-governmental organizations in the Arabian Peninsula.

OilAlpha is the new cryptonym given by Recorded Future to two overlapping clusters previously tracked by the company under the names TAG-41 and TAG-62 since April 2022.

TAG-XX is the temporary moniker assigned to emerging threat groups.

These apps mimicked entities tied to the Saudi Arabian government and a humanitarian organization in the U.A.E. The attack chains begin with potential targets (political representatives, media personalities, and journalists) receiving the APK files directly from WhatsApp accounts using Saudi Arabian telephone numbers, with the apps masquerading as belonging to UNICEF, NGOs, and other relief organizations.

"OilAlpha's focus in targeting Android devices is not surprising due to the high saturation of Android devices in the Arabian Peninsula region," Recorded Future said.

"While OilAlpha's activity is pro-Houthi, there is insufficient evidence to suggest that Yemeni operatives are responsible for this threat activity. External threat actors like Lebanese or Iraqi Hezbollah, or even Iranian operators supporting the IRGC, may have led this threat activity."


News URL

https://thehackernews.com/2023/05/oilalpha-emerging-houthi-linked-cyber.html