Hackers uploaded malware targeting Middle East governments
February 18, 2015
It was reported today that a group of attackers, recently identified by Russian internet-security firm Kaspersky as the first advanced Arabic cyber-espionage group, has deployed malware against Middle East governments, military organisations and several other targets.
So far roughly 100 malware samples attributed to the group have been discovered, Kaspersky said.
The firm's researchers revealed the attacks at the company's analyst summit, where a day earlier it had unveiled a massive hacking campaign, widely reported to be a two-decade-old effort of the U.S. National Security Agency (NSA).
Kaspersky gave this second group the moniker Desert Falcons and said that around 30 individuals appear to have been running operations through 2013 and 2014, with activity peaking in January 2015.
In total the campaigns took aim at more than 3,000 targets of the kind typical for advanced attack groups: state institutions, large media outlets and utilities, Kaspersky confirmed.
More than a million files are said to have been stolen from organisations in some fifty countries, largely in Egypt, Palestine, Israel and Jordan.
Researcher Dmitry Bestuzhev said the combination of social engineering and custom malware has been very effective so far, and that new attacks continue to be discovered.
"The individuals behind this threat are highly determined, active and with good technical, political and cultural insight," Bestuzhev added.
"We expect this operation to carry on developing more viruses and trojans and using more advanced techniques, some of which are not widely known across the industry.
"With enough funding under way, they might even be able to acquire or develop exploits that would increase the efficiency of their attacks," said a security expert at Kaspersky Lab's Global Research and Analysis Team.
The Falcons' efforts in this case saw human-resources and finance staff targeted with phishing emails carrying malware designed to establish a beachhead inside corporate networks.
The malicious attachments were disguised using the Unicode right-to-left override character (U+202E), a facility intended for bi-directional text in documents that mix English with Hebrew or Arabic script: the characters that follow it are displayed in reverse order, so an executable can be made to show a harmless-looking name and extension in the recipient's mail client or file manager.
For instance, after the initial infection one of two custom backdoors was dropped, along with malware capable of stealing a wide variety of data from infected machines and an Android trojan that stole SMS and call logs.
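The extension-disguise trick described above is easy to reproduce and easy to screen for at a mail gateway. The following is an added example, not code from the Kaspersky report: it renders how a filename containing U+202E would be displayed (a simplification of the full Unicode bidi algorithm, UAX #9, that reverses everything after the override up to a U+202C terminator or the end of the name), recovers the real extension, and flags any attachment name carrying Unicode format characters whose displayed extension differs from its true one. The filenames are constructed for illustration.

```python
"""Screen attachment names for Unicode bidi-override extension spoofing.

Added example for illustration; not part of the original report.
"""
import unicodedata

# Explicit directional controls (Unicode category Cf). RLO is the one abused
# to disguise executables; none of the others belongs in a legitimate filename.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
    "\u200e": "LRM", "\u200f": "RLM",
}


def rendered_name(name: str) -> str:
    """Approximate what a file manager shows for a name containing U+202E.

    Text after the RLO is displayed reversed until a PDF (U+202C) or the end of
    the string; other format characters are invisible and are dropped.
    """
    out, i = [], 0
    while i < len(name):
        ch = name[i]
        if ch == "\u202e":
            j = i + 1
            while j < len(name) and name[j] != "\u202c":
                j += 1
            out.append(name[i + 1:j][::-1])   # the overridden run, reversed
            i = j + 1                          # skip the PDF terminator if any
        elif unicodedata.category(ch) == "Cf":
            i += 1                             # invisible control: not shown
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def real_extension(name: str) -> str:
    """Extension the OS actually uses: controls stripped, text after last '.'."""
    plain = "".join(c for c in name if unicodedata.category(c) != "Cf")
    return plain.rsplit(".", 1)[-1].lower() if "." in plain else ""


def analyse(name: str) -> dict:
    """Return the controls found, the displayed name, the true extension and a
    verdict: suspicious when format characters make the displayed extension
    differ from the real one."""
    controls = [BIDI_CONTROLS.get(c, f"U+{ord(c):04X}")
                for c in name if unicodedata.category(c) == "Cf"]
    shown = rendered_name(name)
    shown_ext = shown.rsplit(".", 1)[-1].lower() if "." in shown else ""
    true_ext = real_extension(name)
    return {
        "controls": controls,
        "rendered": shown,
        "true_extension": true_ext,
        "suspicious": bool(controls) and shown_ext != true_ext,
    }


# Constructed samples: an RLO-disguised executable and a benign document.
SAMPLES = [
    "Report_\u202efdp.exe",   # displays as "Report_exe.pdf", runs as .exe
    "invoice.pdf",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        verdict = analyse(sample)
        print(f"{verdict['rendered']!r:24} real ext={verdict['true_extension']:4} "
              f"controls={verdict['controls']} suspicious={verdict['suspicious']}")
```

Blocking every name that contains a Cf character is the simplest policy; the rendered-versus-real comparison is for environments where Arabic or Hebrew filenames legitimately carry bidi marks and a plain block would cause false positives.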
Kaspersky researchers briefly gained read access to one of the command-and-control servers, and also found information the attackers had published on Twitter.
Kaspersky Lab experts consider this actor to be the first known Arabic group of cyber mercenaries to develop and run full-scale cyber-espionage operations.
Source: Kaspersky Labs.