Zscaler researchers have recently uncovered a new, active campaign operated by the APT group Molerats. In this campaign, the Molerats operators target the Middle East by abusing legitimate cloud storage services and using geopolitically themed lures.
Molerats is an Arabic-speaking APT group, also known as Gaza Cybergang, and its operators primarily focus on users from the following countries:-
In July last year, the latest campaign of the Molerats APT group was launched, in which they used:-
The hackers attached the above items to phishing e-mails in order to compromise the systems and networks of their targets.
From mid-December, the hackers switched to delivering their payloads through Microsoft Office documents that carry malicious macros.
Once a victim executes the macro, it downloads the Molerats operators' malicious tools onto the victim's computer by way of the Windows command line and a PowerShell script.
All of this is directed at the targets through popular cloud services such as Google Drive and Dropbox, which the attackers abuse to host malware payloads and to exfiltrate sensitive information.
The lures play on the conflict between Israel and Palestine, and the researchers warn that forged documents on this theme are a growing concern. As in past attacks, the threat actors used presentations about wanted persons for whom Interpol has already issued red notices.
The primary goal of the threat actors behind this campaign is to target important members of the following sectors:-
At first glance the RAR archive attachment named “servicehost” looked harmless, but in reality it carried an EXE executable that the threat actors used as a backdoor, enabling them to steal the following data from the compromised systems of their victims:-
The Molerats operators use the Dropbox API to establish communication between the malware and their command-and-control server.
Here are the commands used by the attackers for their operations:-
They store all the data stolen from their victims in Dropbox, while Google Drive cloud storage is used to host their malicious code and payloads.
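The two behaviours described above (an Office macro spawning the command line and PowerShell to fetch tooling, and malware then talking to the Dropbox API and Google Drive) are exactly what a defender can hunt for in endpoint telemetry. The following detection logic is an added example written for this article; it is not code from the Zscaler report or from the Molerats tooling. The event schema (`type`, `pid`, `ppid`, `image`, `parent_image`, `dest_host`) is an assumption loosely modelled on Sysmon process-creation and network-connection events, the sample telemetry is constructed for the example, and the lists of Office applications, shells, cloud hosts and expected cloud clients are assumptions to be tuned for your environment.

```python
"""Added example: hunt for Office-spawned shells and for non-browser
processes contacting Dropbox / Google Drive endpoints.

Not code from the Zscaler report.  Event schema and sample data are
constructed for this example."""
import ntpath
from typing import Dict, List, Optional

Event = Dict[str, object]

# Assumptions: tune these lists for your environment.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELL_IMAGES = {"cmd.exe", "powershell.exe", "pwsh.exe"}
CLOUD_HOSTS = {                       # destination host -> service label
    "api.dropboxapi.com": "Dropbox API",
    "content.dropboxapi.com": "Dropbox API",
    "drive.google.com": "Google Drive",
    "docs.google.com": "Google Drive",
}
# Processes that are expected to talk to these services (assumed).
EXPECTED_CLOUD_CLIENTS = {"chrome.exe", "msedge.exe", "firefox.exe",
                          "dropbox.exe", "googledrivefs.exe"}

# Constructed sample telemetry (one dict per event).  explorer.exe (pid 900)
# is deliberately absent from the process events so that the parent_image
# fallback in office_ancestor() is exercised.
SAMPLE_EVENTS: List[Event] = [
    {"type": "process", "host": "ws01", "pid": 1200, "ppid": 900,
     "image": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"type": "process", "host": "ws01", "pid": 1300, "ppid": 1200,
     "image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\WINWORD.EXE"},
    {"type": "process", "host": "ws01", "pid": 1400, "ppid": 1300,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe"},
    {"type": "process", "host": "ws01", "pid": 1500, "ppid": 900,
     "image": r"C:\Windows\System32\cmd.exe",          # user-launched, benign
     "parent_image": r"C:\Windows\explorer.exe"},
    {"type": "network", "host": "ws01", "pid": 1400,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "dest_host": "drive.google.com", "dest_port": 443},
    {"type": "network", "host": "ws01", "pid": 1600,
     "image": r"C:\Users\user\AppData\Roaming\servicehost.exe",
     "dest_host": "api.dropboxapi.com", "dest_port": 443},
    {"type": "network", "host": "ws01", "pid": 1700,
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "dest_host": "drive.google.com", "dest_port": 443},   # benign browser use
    {"type": "network", "host": "ws01", "pid": 1800,
     "image": r"C:\Program Files\Microsoft Office\OUTLOOK.EXE",
     "dest_host": "mail.example.com", "dest_port": 443},   # unrelated traffic
]


def image_name(path: str) -> str:
    """Lower-cased file name of a Windows image path (works on any OS)."""
    return ntpath.basename(path).lower()


def build_process_table(events: List[Event]) -> Dict[object, Event]:
    """Map pid -> process-creation event so ancestry can be walked."""
    return {e["pid"]: e for e in events if e["type"] == "process"}


def office_ancestor(proc: Event, table: Dict[object, Event],
                    max_depth: int = 4) -> Optional[str]:
    """Return the Office ancestor's image name within max_depth hops, or None.

    Walks pid -> ppid through the table; if a parent was never recorded,
    falls back to the parent_image string on the event itself, which catches
    cmd.exe -> powershell.exe chains as well as the direct WINWORD -> cmd case."""
    cur = proc
    for _ in range(max_depth):
        parent = table.get(cur.get("ppid"))
        if parent is None:
            name = image_name(str(cur.get("parent_image", "")))
            return name if name in OFFICE_APPS else None
        name = image_name(str(parent["image"]))
        if name in OFFICE_APPS:
            return name
        cur = parent
    return None


def detect_office_spawned_shells(events: List[Event]) -> List[Event]:
    """Alert on cmd/PowerShell whose ancestry leads back to an Office app."""
    table = build_process_table(events)
    alerts = []
    for e in events:
        if e["type"] != "process":
            continue
        child = image_name(str(e["image"]))
        if child not in SHELL_IMAGES:
            continue
        ancestor = office_ancestor(e, table)
        if ancestor:
            alerts.append({"rule": "office_spawns_shell", "host": e["host"],
                           "pid": e["pid"], "child": child,
                           "office_ancestor": ancestor})
    return alerts


def detect_unusual_cloud_clients(events: List[Event]) -> List[Event]:
    """Alert when a process other than an expected client reaches Dropbox/Drive."""
    alerts = []
    for e in events:
        if e["type"] != "network":
            continue
        dest = str(e["dest_host"]).lower()
        service = CLOUD_HOSTS.get(dest)
        if service is None:
            continue
        proc = image_name(str(e["image"]))
        if proc in EXPECTED_CLOUD_CLIENTS:
            continue
        alerts.append({"rule": "unexpected_cloud_client", "host": e["host"],
                       "pid": e["pid"], "process": proc,
                       "service": service, "dest_host": dest})
    return alerts


def run_detections(events: List[Event]) -> List[Event]:
    """Run both rules and return the combined alert list."""
    return detect_office_spawned_shells(events) + detect_unusual_cloud_clients(events)


if __name__ == "__main__":
    for alert in run_detections(SAMPLE_EVENTS):
        print(alert)
```

On the constructed sample, the shell rule fires twice (the cmd.exe launched by WINWORD and the PowerShell one hop further down), and the cloud rule fires twice (PowerShell reaching Google Drive and the `servicehost.exe` process reaching the Dropbox API), while the browser's Drive traffic and the user-launched cmd.exe stay quiet. In production, the expected-client list is the part that needs the most tuning, since legitimate Dropbox and Drive desktop clients and backup agents also reach these hosts.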