After two months of break, a Middle Eastern advanced persistent-threat (APT) organization has resurfaced and is targeting government institutions in the Middle East -- global government bodies affiliated with geopolitics as a part of its recent malicious activities.
Proofpoint, a company headquartered in Sunnyvale, ascribed this action to a politically motivated threat actor tracked as TA402, colloquially known as Molerats or GazaHackerTeam.
TA402 is supposed to work for objectives that are consistent with military or Palestinian state goals. The threat actor has been operating for a decade with a history of compromising associations mainly in Israel and Palestine. The attacks covered verticals such as technology, telecoms, finance, the academy, the army, the media, and governments.
The two months' break in the operation is not apparent, but the Proofpoint researchers have suggested that it could have played a part either in the holy month of Ramadan or in the recent incidents in the region as well as in the violence which followed in May.
The current wave of attacks started with spear-phishing Arabic-listed emails carrying PDF files embedded in a geofenced malicious URL that can only selectively route victims to the password-protected file if the source IP address of these files is in the targeted Middle East nations.
The beneficiaries outside of the target Group are relocated to benign websites like Al Akhbar (www.al-akhbar.com) and Al Jazeera (www.aljazeera.net), generally Arabic language news websites.
The last step on the infection chain entailed an extraction of the archive to drop a customized implant named LastConn, which is a new version or upgrade of a backdoor called SharpStages that w ..
Support the originator by clicking the read the rest link below.
![[webapps] Customer Relationship Management System (CRM) 1.0 - Remote Code Execution](upload/news/image_1624269635_16712666.png)
