Kaspersky Lab warns about the activity of an Arabic-speaking cybercriminal group that its experts call ‘The Gaza cybergang’. It operates in the MENA region (Middle East and North Africa), mainly in Egypt, the United Arab Emirates and Yemen. The group has been operating since 2012 and became particularly active in the second and third quarters of 2015. The attackers focus on government entities, especially embassies, and primarily target IT and incident response staff.
The Gaza cybergang actively sends malware files to information technology (IT) and incident response (IR) staff. IT personnel are known to have more access and permissions inside their organisations than other employees, mainly because they need to manage and operate the infrastructure. That is why getting access to their devices can be worth a lot more to the cybercriminals than those of normal users in the corporate network. IR people are also known for having access to sensitive data related to ongoing cyber investigations in their organisations, as well as special access and permissions enabling them to hunt for malicious or suspicious activities on the network.
Although they target high-level entities such as government bodies, the Gaza team uses well-known remote administration tools (RATs) – XtremeRAT and PoisonIvy – spreading infections via phishing scams. Using simple infection tools, they successfully hit their targets with crafted social engineering tricks, using special file names, content and domain names (e.g. gov.uae.k*m) that help the group in their hunt for targets. Examples of file names that have delivered malware to victims’ machines include:
“According to the list of targets, which includes government entities in the Middle East and North Africa region, we’re witnessing politically motivated cyberattacks. By gaining control of computers with greater access to the system, the cybercriminals increase their chances of stealing valuable information and are much more likely to cause significant damage. As attribution is the most complicated – often impossible – task when analyzing a malicious cyber-campaign, we don’t as yet know who is behind it,” says Mohammad Amin Hasbini, Senior Security Researcher, Global Research & Analysis Team, Kaspersky Lab.
In order to reduce the risk of being infected by the group’s malicious tools, Kaspersky Lab experts recommend the following measures:
To find out more, please read the related blog post available at Securelist.com.