Middle East phishing attack aims malware variants at political figures

Previously unreported backdoors, discovered by cybersecurity company Cybereason, add to a wave of phishing attacks that has washed over the region in the wake of a massive move to remote work caused by COVID-19.


An apparent espionage campaign that uses three previously unreported malware variants and targets political and government leaders in the Middle East is adding to a wave of phishing attacks that has washed over the region in the wake of a massive move to remote work caused by COVID-19.

The malware was reported last week by Cybereason, which attributed the campaign to an advanced persistent threat (APT) known as Molerats, a part of the hacker group called The Gaza Cybergang. Researchers say that the group is politically motivated and has been operating since 2012. Cybereason says it observed the group primarily targeting the UAE, Egypt, Turkey, and the Palestinian Territories.

The phishing campaign uses email with political themes to trick victims into downloading backdoor programmes from social media accounts that issue command and control (C2) instructions.

Phishing attacks generally use fake emails that appear to be from a legitimate source in order to get victims to hand over passwords and other personal data by prompting them to type login details into a fake website. Such attacks have increased since pandemic lockdowns forced office staffers — including government officials — to work from home, with cybercriminals taking advantage of an increase in traffic to e-commerce, social media and other sites.

Phishing attacks jumped by 600 percent in the Middle East after the pandemic hit the region, according to a June report by Dubai Future Foundation, and more than 2.57 million phishing attacks were detected across the Middle East in the second quarter, according to security company Kaspersky. The initial wave of phishing attacks that occurred when COVID first hit frequently used news about the pandemic to lure victims.
