
Kaspersky Lab Warning: Government IT and Incident Response Staff Targeted by Cyberattacks in Middle East & North Africa

September 28, 2015

Kaspersky Lab warns about the activity of an Arabic-speaking cybercriminal group called by the experts ‘The Gaza cybergang’

Kaspersky Lab warns about the activity of an Arabic-speaking cybercriminal group called by the experts ‘The Gaza cybergang’. It is operating in the MENA region (Middle East and North Africa), mainly in Egypt, the United Arab Emirates and Yemen. The group has been operating since 2012 and became particularly active in the second and third quarter of 2015. The attackers focus on government entities, especially embassies, and primarily target IT and incident response staff.

The Gaza cybergang actively sends malware files to information technology (IT) and incident response (IR) staff. IT personnel are known to have more access and permissions inside their organisations than other employees, mainly because they need to manage and operate the infrastructure. That is why getting access to their devices can be worth a lot more to the cybercriminals than those of normal users in the corporate network. IR people are also known for having access to sensitive data related to ongoing cyber investigations in their organisations, as well as special access and permissions enabling them to hunt for malicious or suspicious activities on the network.

Although they target high-level entities such as government bodies, the Gaza team uses well-known remote administration tools (RATs) – XtremeRAT and PoisonIvy – and spreads infections via phishing scams. Using simple infection tools, they successfully hit their targets with crafted social engineering tricks, using special file names, content and domain names (e.g. gov.uae.k*m) that help the group in their hunt for targets. Examples of file names that have delivered malware to victims’ machines include:

  • “Indications of disagreement between Saudi Arabia and UAE.exe”,
  • “Wikileaks documents on Sheikh.exe”,
  • “Scandalous pictures of Egyptian militants, judges and consultants”,
  • “President Mahmoud Abbas cursing Majed Faraj.exe”,
  • “Leaked conversation with the Egyptian leader of military forces Sodqi Sobhi.exe”,
  • “Secret_Report.exe”,
  • “Military Police less military sexual offenses, drug offenses more.exe”

“According to the list of targets, which includes government entities in the Middle East and North Africa region, we’re witnessing politically motivated cyberattacks. By gaining control of computers with greater access to the system, the cybercriminals increase their chances of stealing valuable information and are much more likely to cause significant damage. As attribution is the most complicated – often impossible – task when analyzing a malicious cyber-campaign, we don’t as yet know who is behind it,” says Mohammad Amin Hasbini, Senior Security Researcher, Global Research & Analysis Team, Kaspersky Lab.

In order to reduce the risk of being infected by the group’s malicious tools, Kaspersky Lab experts recommend the following measures:

  • Be wary of emails with attachments;
  • Keep software updated, especially software that is widely used and often exploited by cybercriminals;
  • If you are aware of any vulnerabilities in the software on your device but there is no patch for them yet, avoid using this software;
  • Use a proven anti-malware solution.
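One way a mail gateway could act on the first recommendation, given the file names listed above: the sketch below is an added example, not Kaspersky Lab code. It blocks any attachment with a directly runnable extension and raises an alert when the name reads like a headline or document title. The extension list, the three-word threshold and the verdict labels are assumptions, and the sample message is constructed.

```python
import os
import re
from email.message import EmailMessage

# Assumed list of directly runnable Windows extensions; extend for your estate.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}

def classify_attachment(filename):
    """Return 'allow', 'block' or 'block+alert' for one attachment name."""
    stem, ext = os.path.splitext(filename.strip())
    if ext.lower() not in EXECUTABLE_EXTS:
        return "allow"
    # A program named like a headline or document title is the lure pattern
    # described in the press release: several natural-language words, then .exe.
    words = [w for w in re.split(r"[\s_\-]+", stem) if w.isalpha()]
    return "block+alert" if len(words) >= 3 else "block"

def scan_message(msg):
    """Map each attachment filename in an EmailMessage to a verdict."""
    return {part.get_filename(): classify_attachment(part.get_filename())
            for part in msg.iter_attachments() if part.get_filename()}

def build_sample():
    """Constructed message; the three .exe names are quoted in the press release."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("constructed body")
    names = (
        "Wikileaks documents on Sheikh.exe",
        "Leaked conversation with the Egyptian leader of military forces Sodqi Sobhi.exe",
        "Secret_Report.exe",
        "agenda.pdf",  # constructed benign control
    )
    for name in names:
        msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg

if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()).items():
        print(f"{verdict:12} {name}")
```

For stored mail, parse the raw bytes with `email.message_from_bytes(raw, policy=email.policy.default)` and pass the result to `scan_message`.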

To find out more, please read the related blog post available at Securelist.com.


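About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky continually transforms its deep threat intelligence and security technologies into innovative security solutions and services that protect businesses, critical infrastructure, governments and consumers around the globe. The company offers a comprehensive security portfolio that includes leading endpoint protection and a number of specialized security solutions and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. More than 400 million users worldwide are protected by Kaspersky technologies, and we help 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.cn.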
