Over the last several months, the Cybereason Nocturnus team has been tracking recent espionage campaigns targeting the Middle East. These campaigns are specifically directed at entities and individuals in the Palestinian territories. This investigation shows multiple similarities to previous attacks attributed to a group called MoleRATs (aka The Gaza Cybergang), an Arabic-speaking, politically motivated group that has operated in the Middle East since 2012.
In our analysis, we distinguish between two separate campaigns happening simultaneously. These campaigns differ in tools, server infrastructure, and nuances in decoy content and intended targets.