THREAT ALERTS: MOLERATS & PIEROGIS
(Alerts/Threat Alert MoleRATs and Pierogis.pdf)

WHAT'S HAPPENING?
The Cybereason Nocturnus team has discovered several recent, targeted attacks in the Middle East. These attacks deliver the Spark and Pierogi backdoors for politically-driven cyber espionage operations using spear phishing attacks.

KEY OBSERVATIONS & TTPS
» Targeting Palestinians: The campaigns seem to target Palestinian individuals and entities, likely related to the Palestinian government.
» Politically-motivated APT: Cybereason suspects that the objective of the threat actor is to obtain sensitive information from the victims and leverage it for political purposes.
» Lured Into Deploying a Backdoor: The attackers use specially crafted lure content for spear phishing to trick targets into opening malicious files that infect the victim's machine with a backdoor. The lure content in the malicious files relates to political affairs in the Middle East, with references to the Israeli-Palestinian conflict, tension between Hamas and Fatah, and other political entities.
» Perpetrated by an Arabic-Speaking APT Group: The modus operandi of the attackers, in conjunction with the social engineering tactics and decoy content, seems aligned with previous attacks carried out by the Arabic-speaking APT group MoleRATs (aka Gaza Cybergang). This group has been operating in the Middle East since 2012.
» Read the full-length research here.

OVERVIEW
THREAT TYPE: BACKDOOR
TARGET INDUSTRY: GOVERNMENT ENTITIES
ATTACK GOAL: CYBER ESPIONAGE
IMPACTED GEO: THE MIDDLE EAST

CYBEREASON CUSTOMERS
We highly recommend every customer enable the following features:
» If you do not have Cybereason NGAV activated, consider doing so to prevent against threats like these.
» For Cybereason MDR customers, the Cybereason team will monitor and triage as well as assist in the mitigation of potential infections.

REMEDIATION STEPS
Consider social engineering awareness and training, which are key in preventing such attacks.
Disable macros and install an endpoint protection solution to help mitigate similar attacks.

PREVENTED & DETECTED BY THE CYBEREASON DEFENSE PLATFORM
EXPERIENCED A BREACH? EMAIL US AT info@cybereason.com
CYBEREASON.COM

Post on 06-Jun-2020
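The remediation steps above say to disable macros, since the lure documents in this campaign rely on the target opening a malicious file. As an added example that is not part of the Cybereason alert, the PowerShell below audits and then sets the per-user Office VBA macro policy values that Group Policy uses for that purpose. It assumes Office 2016/2019/365 (registry version key "16.0") and the three applications most commonly abused by lure documents; both are assumptions you should adjust for your environment.

```powershell
# Added example: per-user Office VBA macro hardening policy via the registry.
# Not code from the Cybereason alert. Assumes Office 2016/2019/365 (version key
# "16.0"); change $OfficeVersion for other builds.
#   VBAWarnings = 4                       -> disable all macros without notification
#   blockcontentexecutionfrominternet = 1 -> block macros in files that carry the
#                                            Mark-of-the-Web (downloaded / mail attachment)

$OfficeVersion = "16.0"
$Apps = @("Word", "Excel", "PowerPoint")

function Get-PolicyKey([string]$App) {
    "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$App\Security"
}

function Get-OfficeMacroPolicy {
    # Audit mode: report the current values; an empty value means the policy is not set.
    foreach ($app in $Apps) {
        $key   = Get-PolicyKey $app
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        $vba   = $props.VBAWarnings
        $motw  = $props.blockcontentexecutionfrominternet
        [PSCustomObject]@{
            Application         = $app
            VBAWarnings         = $vba
            BlockInternetMacros = $motw
            Hardened            = ($vba -eq 4 -and $motw -eq 1)
        }
    }
}

function Set-OfficeMacroPolicy {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    foreach ($app in $Apps) {
        $key = Get-PolicyKey $app
        if ($PSCmdlet.ShouldProcess($key, "Set VBAWarnings=4, blockcontentexecutionfrominternet=1")) {
            # -Force creates the intermediate keys under Policies if they do not exist yet
            New-Item -Path $key -Force | Out-Null
            Set-ItemProperty -Path $key -Name VBAWarnings -Value 4 -Type DWord
            Set-ItemProperty -Path $key -Name blockcontentexecutionfrominternet -Value 1 -Type DWord
        }
    }
}

# Usage: audit first, preview the writes with -WhatIf, then run Set-OfficeMacroPolicy without it.
Get-OfficeMacroPolicy | Format-Table -AutoSize
Set-OfficeMacroPolicy -WhatIf
```

Writing under HKCU\Software\Policies typically requires an elevated prompt. In a domain, the durable way to roll this out is the equivalent Group Policy settings (User Configuration > Administrative Templates > Microsoft Office > Security Settings), which write to these same registry locations; the audit function is then useful for verifying that the policy actually landed on a given host.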