WIRTE’s campaign in the Middle East ‘living off the land’ since at least 2019

This February, during our hunting efforts for threat actors using VBS/VBA implants, Kaspersky researchers came across MS Excel droppers that use hidden spreadsheets and VBA macros to drop their first stage implant. The implant itself is a VBS script with Read More …

Molerats Delivers Spark Backdoor to Government and Telecommunications Organizations

Between October 2019 through the beginning of December 2019, Unit 42 observed multiple instances of phishing attacks likely related to a threat group known as Molerats (AKA Gaza Hackers Team and Gaza Cybergang) targeting eight organizations in six different countries Read More …

New Cyber Espionage Campaigns Targeting Palestinians: The Spark and Pierogi Campaigns

Over the last several months, the Cybereason Nocturnus team has been tracking recent espionage campaigns targeting the Middle East. These campaigns are specifically directed at entities and individuals in the Palestinian territories. This investigation shows multiple similarities to previous attacks Read More …