Gelsemium APT was behind February compromise of NoxPlayer

ESET has published details of an advanced persistent threat (APT) crew that appears to have deployed recent supply chain attack methods against targets including “electronics manufacturers,” although it didn’t specify which. “Victims of its campaigns are located in East Asia …

Iran calls blackout at Natanz atomic site ‘nuclear terrorism’

Iran condemned a blackout at its underground Natanz nuclear facility early on Sunday as an act of “nuclear terrorism” and said Tehran reserves the right to respond, but did not specify who was responsible and how Iran may react. “The …

Digital Footprint Intelligence Report

The Digital Footprint Intelligence Service announces the results of research on the digital footprints of governmental, financial and industrial organizations for countries in the Middle East region: Bahrain, Egypt, Iran, Iraq, Jordan, Kuwait, Lebanon, Oman, Qatar, Saudi Arabia, Sudan, Syria, …

Seedworm: Iran-Linked Group Continues to Target Organizations in the Middle East

The Iran-linked espionage group Seedworm (aka MuddyWater) has been highly active in recent months, attacking a wide range of targets, including a large number of government organizations in the Middle East. Many of the organizations attacked by Seedworm in recent …

BAHAMUT Spies-for-Hire Linked to Extensive Nation-State Activity

A cyberespionage group known as BAHAMUT has been linked to a “staggering” number of ongoing attacks against government officials and private-sector VIPs in the Middle East and South Asia, while also engaging in wide-ranging disinformation campaigns. That’s according to BlackBerry …

APT-C-23 Android Spyware Variant Snoops on WhatsApp, Telegram Messages

Researchers say they have uncovered a new Android spyware variant with an updated command-and-control communication strategy and extended surveillance capabilities that snoops on social media apps WhatsApp and Telegram. The malware, Android/SpyC32.A, is currently being used in active campaigns targeting …

Thanos Ransomware: Destructive Variant Targeting State-Run Organizations in the Middle East and North Africa

On July 6 and July 9, 2020, we observed files associated with an attack on two state-run organizations in the Middle East and North Africa that ultimately installed and ran a variant of the Thanos ransomware. The Thanos variant created …

Chafer APT Hits Middle East Govs With Latest Cyber-Espionage Attacks

Researchers have uncovered new cybercrime campaigns from the known Chafer advanced persistent threat (APT) group. The attacks have hit several air transportation and government victims in hopes of data exfiltration. The Chafer APT has been active since 2014 and has …

New Cyber Espionage Campaigns Targeting Palestinians: The Spark and Pierogi Campaigns

Over the last several months, the Cybereason Nocturnus team has been tracking recent espionage campaigns targeting the Middle East. These campaigns are specifically directed at entities and individuals in the Palestinian territories. This investigation shows multiple similarities to previous attacks …

New JhoneRAT Malware Targets Middle East

Researchers are warning of a new remote access trojan (RAT), dubbed JhoneRAT, which is being distributed as part of an active campaign, ongoing since November 2019, that targets victims in the Middle East. Once downloaded, the RAT gathers information on the victims’ …