The Gaza Cybergang threat actor is back again, this time targeting organizations in the Middle East and North Africa (MENA) region.
Gaza Cybergang, a threat actor believed to be linked to the Palestinian organization Hamas, is back again, targeting organizations in the Middle East and North Africa (MENA) region.
According to the experts from Kaspersky, the hacker crew is now using some new tools and techniques.
The Gaza cybergang, aka “Gaza Hackers Team” and “Molerats,” appears to be politically motivated and has been active since at least 2012, but it intensified its activity in Q2 2015.
Security experts speculate that the group is composed of Palestinian militants of Hamas; it has also targeted organizations in Europe and the United States.
The last news of the group came early this year, when security experts from Palo Alto Networks uncovered a new cyber espionage campaign, dubbed DustySky, that targeted government organizations with two strains of malware: a downloader called Downeks and a remote access tool (RAT) named QuasarRAT.
Kaspersky has been monitoring the group’s campaigns and reported that a new victim of the hacker group is an oil and gas company in the MENA region. The hackers compromised the company’s systems and exfiltrated information for more than a year.
The Gaza cybergang added to its arsenal an Android Trojan that was first spotted by Kaspersky in April 2017 on a command and control (C&C) server likely used by the group to target Israeli soldiers.
“In mid-2017, the attackers were discovered inside an oil and gas organization in the MENA region, infiltrating systems and pilfering data, apparently for more than a year. The malware files that were found had been reported previously: https://securelist.com/gaza-cybergang-wheres-your-ir-team/72283/” reads the analysis published by Kaspersky.
“While traces of Android mobile malware have been spotted, attackers have continuously used the Downeks downloader and the Quasar or Cobaltstrike RATs to target Windows devices, enabling them to obtain remote access spying and data exfiltration abilities.”
The threat actors rely on spear-phishing messages containing a malicious attachment or link. Researchers reported that in the attacks after March 2017, the hackers used specially crafted Office files that delivered malware using macros.
To read the original article: http://securityaffairs.co/wordpress/64979/cyber-warfare-2/gaza-cybergang-new-ttps.html