Threat Alert:

MoleRATs & Pierogis

Threat Overview

Threat Type

Backdoor

Target Industry

Government Entities

Attack Goal

Cyber Espionage

Impacted GEO

The Middle East

What's Happening?

The Cybereason Nocturnus team has discovered several recent, targeted attacks in the Middle East. These attacks deliver the Spark and Pierogi backdoors for politically-driven cyber espionage operations.

The modus-operandi of the attackers in conjunction with the social engineering tactics and decoy content seem aligned with previous attacks carried out by the Arabic-speaking APT group MoleRATs (aka Gaza Cybergang). This group has been operating in the Middle East since 2012.

Read The Full Research

KEY OBSERVATIONS & TTPS

Targeting Palestinians: The campaigns seems to target Palestinian individuals and entities, likely related to the Palesitinian government.
Politically-motivated APT: Cybereason suspects that the objective of the threat actor is to obtain sensitive information from the victims and leverage it for political purposes.
Lured Into Deploying a Backdoor: The attackers use specially crafted lure content to trick targets into opening malicious files that infect the victim’s machine with a backdoor. The lure content in the malicious files relates to political affairs in the Middle East, with specific references to the Israeli-Palestinian conflict, tension between Hamas and Fatah, and other political entities in the region.

Remediation Steps

Consider social engineering awareness and training, which are key in preventing such attacks.

Disable macros and install an endpoint protection solution to help mitigate similar attacks.

Periodically proactively hunt in your environment for sensitive assets.

Future-Ready Cybersecurity Protection