Unknown Threat Actor Conducts OPSEC Targeting Middle East


Hackers conduct OPSEC targeting the Middle East: classified documents that may pertain to the Jordanian research house Dar El-Jaleel are being used as bait in a campaign targeting the Middle East.

The researcher Paul Rascagneres, with help from Martin Lee, both of Cisco Talos, described a campaign of targeted attacks against the Middle East with several notable elements. First, there is a geopolitical interest at stake: the lure documents relate to the research house Dar El-Jaleel, which studies the Israeli-Palestinian conflict and the Sunni-Shia conflict with Iran.

Second, scripting languages (VBScript, PowerShell, VBA) are used extensively as the attack vector: the scripts dynamically load and execute VBScript functions stored on a command-and-control (C2) server.

Third, the attacker deployed a series of sophisticated countermeasures to hide their identity, that is, operational security (OPSEC): reconnaissance scripts that validate the victim machine against the attacker's criteria, Cloudflare to hide the real IP address and infrastructure, and filtering of connections based on User-Agent strings, with the infrastructure used only for short periods before going offline.

The report's analysis divides the script campaign into a series of steps that progressively advance the infection. The VBS campaign consists of 4 steps with additional payloads and 3 distinct functions: reconnaissance, persistence, and pivoting.
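The User-Agent filtering described above leaves a recognisable trace on the defender's side: a host that answers script engines but refuses browsers, or that is only ever contacted by script engines, looks nothing like a legitimate web service. The following Python is an added example, not code from the Talos report or the article, that runs this heuristic over constructed proxy log lines. The User-Agent markers (the `WindowsPowerShell/` token of PowerShell's `Invoke-WebRequest`, the `WinHttp.WinHttpRequest` token of the WinHTTP COM object commonly used from VBScript and VBA, and an absent header) are assumptions about typical defaults, not indicators taken from the report.

```python
import re
from collections import defaultdict

# Constructed sample proxy log lines (made up for this example, not taken from the report).
# Fields: time | client | destination host | method | path | status | user-agent ('-' = header absent)
SAMPLE_LOG = """\
2018-02-01T09:00:01|10.1.2.10|news.example.com|GET|/index.html|200|Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/63.0
2018-02-01T09:00:07|10.1.2.10|cdn.example.net|GET|/jquery.js|200|Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/63.0
2018-02-01T09:01:12|10.1.2.10|stage1.example.org|GET|/s1.txt|200|Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
2018-02-01T09:01:30|10.1.2.10|stage1.example.org|GET|/s2.txt|200|Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.16299.98
2018-02-01T09:01:45|10.1.2.10|stage2.example.org|GET|/payload.txt|200|Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.16299.98
2018-02-01T09:02:05|10.1.2.11|news.example.com|GET|/index.html|200|Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/58.0
2018-02-01T09:02:40|10.1.2.11|stage1.example.org|GET|/s1.txt|403|Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/58.0
2018-02-01T09:03:15|10.1.2.12|update.example.com|GET|/catalog|200|-
2018-02-01T09:03:16|10.1.2.12|update.example.com|GET|/catalog|200|Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/63.0
"""

# User-Agent tokens that point at a script engine rather than a browser.
# These are assumed typical defaults, not indicators from the report.
SCRIPT_UA_PATTERNS = [
    re.compile(r"WindowsPowerShell/"),       # PowerShell Invoke-WebRequest default UA
    re.compile(r"WinHttp\.WinHttpRequest"),  # WinHTTP COM object used from VBScript/VBA
    re.compile(r"MSXML|XMLHTTP", re.I),      # MSXML HTTP objects
]


def is_script_engine_ua(ua):
    """True if the User-Agent looks like a script engine (or is absent, as with .NET WebClient)."""
    if ua.strip() in ("", "-"):
        return True
    return any(p.search(ua) for p in SCRIPT_UA_PATTERNS)


def parse_log(text):
    """Parse the pipe-separated constructed log format into a list of dicts, skipping malformed lines."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("|", 6)
        if len(parts) != 7:
            continue
        t, client, host, method, path, status, ua = parts
        rows.append({"time": t, "client": client, "host": host, "method": method,
                     "path": path, "status": int(status), "ua": ua})
    return rows


def suspicious_hosts(rows):
    """Return {host: [reasons]} for destinations whose responses differ by User-Agent class
    in a way consistent with UA-based filtering, or that only script engines ever contact."""
    per_host = defaultdict(lambda: {"script_ok": 0, "script_total": 0,
                                    "browser_ok": 0, "browser_total": 0})
    for r in rows:
        h = per_host[r["host"]]
        kind = "script" if is_script_engine_ua(r["ua"]) else "browser"
        h[kind + "_total"] += 1
        if r["status"] == 200:
            h[kind + "_ok"] += 1

    findings = {}
    for host, h in per_host.items():
        reasons = []
        if h["script_total"] and h["browser_total"] == 0:
            reasons.append("only script-engine user agents ever contact this host")
        if h["script_ok"] and h["browser_total"] and h["browser_ok"] == 0:
            reasons.append("serves script-engine user agents but rejects every browser user agent")
        if reasons:
            findings[host] = reasons
    return findings


if __name__ == "__main__":
    for host, reasons in sorted(suspicious_hosts(parse_log(SAMPLE_LOG)).items()):
        print(host)
        for reason in reasons:
            print("  -", reason)
```

In the sample, `stage1.example.org` is flagged because the browser request gets a 403 while the two script-engine requests succeed, and `stage2.example.org` because nothing but PowerShell ever talks to it; `update.example.com`, which answers both an empty User-Agent and a browser with 200, is left alone, so an absent header on its own does not trigger an alert. Against real proxy logs the same two conditions are a cheap first pass for picking out hosts worth a closer look.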


To read the original article:

https://securityaffairs.co/wordpress/69092/apt/unknown-threat-actor-conducts-opsec-targeting-middle-east.html
