Molerats Hackers Hiding New Espionage Attacks Behind Public Cloud Infrastructure


An active espionage campaign has been attributed to the threat actor known as Molerats that abuses legitimate cloud services like Google Drive and Dropbox to host malware payloads and for command-and-control and the exfiltration of data from targets across the Middle East.

The cyber offensive is believed to have been underway since at least July 2021, according to cloud-based information security company Zscaler, continuing previous efforts by the hacking group to conduct reconnaissance on the target hosts and plunder sensitive information.


Molerats, also tracked as TA402, Gaza Hackers Team, and Extreme Jackal, is an advanced persistent threat (APT) group that’s largely focused on entities operating in the Middle East. Attack activity associated with the actor has leveraged geopolitical and military themes to entice users to open Microsoft Office attachments and click on malicious links.


The latest campaign detailed by Zscaler is no different in that it makes use of decoy themes related to ongoing conflicts between Israel and Palestine to deliver a .NET backdoor on infected systems that, in turn, takes advantage of the Dropbox API to establish communications with an adversary-controlled server and transmit data.


The implant, which uses specific command codes to commandeer the compromised machine, supports capabilities to take snapshots, list and upload files in relevant directories, and run arbitrary commands. Investigating the attack infrastructure, the researchers said they found at least five Dropbox accounts used for this purpose.
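The backdoor described above relies on the Dropbox API for its command channel and for moving files off the host, so a defender's first question is which processes in the estate are talking to Dropbox API hosts at all, and how much they are sending. The script below is an added example, not code from the article or from Zscaler: it scans constructed endpoint network events (pipe-separated, one per line, a format assumed for this example) and flags Dropbox API traffic from any process outside an allowlist of expected clients, plus unusually large uploads to the content endpoint. The hostnames `api.dropboxapi.com` and `content.dropboxapi.com` are the real Dropbox API hosts; the allowlist, the byte threshold and the process names in the sample data are assumptions to be tuned per environment.

```python
"""Flag Dropbox API use by unexpected processes and large uploads.

Added example for the article above; event format, allowlist, threshold and
all sample events are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Real Dropbox API hostnames. Which ones to watch is an assumption.
DROPBOX_API_HOSTS = {"api.dropboxapi.com", "content.dropboxapi.com"}

# Processes expected to talk to Dropbox in this (hypothetical) estate.
EXPECTED_PROCESSES = {"Dropbox.exe", "chrome.exe", "firefox.exe", "msedge.exe"}

# Per-event outbound volume above which we call it a suspicious upload (5 MiB).
UPLOAD_BYTES_THRESHOLD = 5 * 1024 * 1024


@dataclass
class Finding:
    host: str
    process: str
    dest: str
    reason: str


def parse_event(line: str) -> Optional[dict]:
    """Parse one 'timestamp|host|process|dest_host|bytes_out' event.

    Returns None for malformed lines so a bad record never aborts the scan.
    """
    parts = line.strip().split("|")
    if len(parts) != 5:
        return None
    ts, host, proc, dest, bytes_out = parts
    try:
        sent = int(bytes_out)
    except ValueError:
        return None
    return {"ts": ts, "host": host, "process": proc,
            "dest": dest.strip().lower(), "bytes_out": sent}


def analyze(lines: List[str]) -> List[Finding]:
    """Return findings for Dropbox API traffic that deserves a look."""
    findings: List[Finding] = []
    for line in lines:
        ev = parse_event(line)
        if ev is None or ev["dest"] not in DROPBOX_API_HOSTS:
            continue
        if ev["process"] not in EXPECTED_PROCESSES:
            findings.append(Finding(ev["host"], ev["process"], ev["dest"],
                                    "unexpected process using Dropbox API"))
        if ev["bytes_out"] >= UPLOAD_BYTES_THRESHOLD:
            findings.append(Finding(ev["host"], ev["process"], ev["dest"],
                                    "large upload to Dropbox API host"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, List[str]]:
    """Group reasons by host so an analyst sees one entry per machine."""
    by_host: Dict[str, List[str]] = {}
    for f in findings:
        by_host.setdefault(f.host, []).append(f"{f.process} -> {f.dest}: {f.reason}")
    return by_host


# Constructed sample events; 'updater.exe' on WS-07 plays the backdoor.
SAMPLE_EVENTS = [
    "2022-01-10T09:00:01|WS-01|Dropbox.exe|api.dropboxapi.com|1200",
    "2022-01-10T09:05:12|WS-07|updater.exe|api.dropboxapi.com|800",
    "2022-01-10T09:05:40|WS-07|updater.exe|content.dropboxapi.com|7340032",
    "2022-01-10T09:06:00|WS-03|chrome.exe|www.example.com|5000",
    "this line is malformed",
]

if __name__ == "__main__":
    for host, reasons in summarize(analyze(SAMPLE_EVENTS)).items():
        print(host)
        for r in reasons:
            print("  ", r)
```

The allowlist approach deliberately treats the official Dropbox client and browsers as normal so the output stays short; in an estate where Dropbox is not sanctioned at all, dropping the allowlist turns every hit into a finding. Correlating the flagged process with its parent and its on-disk signature is the natural next step before raising an incident.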

“The targets in this campaign were chosen specifically by the threat actor and they included critical members of the banking sector in Palestine, people related to Palestinian political parties, as well as human rights activists and journalists in Turkey,” Zscaler ThreatLabz researchers Sahil Antil and Sudeep Singh said.

Source: https://thehackernews.com/2022/01/molerats-hackers-hiding-new-espionage.html
