The Cybereason Nocturnus team has discovered several recent, targeted attacks in the Middle East. These attacks deliver the Spark and Pierogi backdoors for politically driven cyber espionage operations.
The attackers' modus operandi, together with the social engineering tactics and decoy content, seems aligned with previous attacks carried out by the Arabic-speaking APT group MoleRATs (aka Gaza Cybergang). This group has been operating in the Middle East since 2012.
Consider social engineering awareness and training, which are key in preventing such attacks.
Disable macros and install an endpoint protection solution to help mitigate similar attacks.
Periodically and proactively hunt in your environment for sensitive assets.
We highly recommend every customer enable the following features: