According to cloud-based information security provider Zscaler, the cyber offensive has been ongoing since at least July 2021, extending prior efforts by the hacker gang to conduct research on the target servers and steal vital information.

Molerats, a threat actor renowned for using legitimate cloud services such as Google Drive and Dropbox to host malware payloads and for command-and-control and data exfiltration from targets across the Middle East, has been linked to the current activity.

Also known as TA402, Gaza Hackers Team and Extreme Jackal, the APT group has used geopolitical and military themes in its attacks to persuade victims to open Microsoft Office attachments and click on infected links.

The latest effort reported by Zscaler is similar in that it uses decoy themes linked to the ongoing disputes between Israel and Palestine to install a .NET backdoor on infected PCs, which then uses the Dropbox API to communicate with an adversary-controlled account and relay data.

The implant, which commandeers the infected machine using certain command codes, has the ability to take snapshots, list and upload files in relevant directories, and run arbitrary instructions. The researchers discovered at least five Dropbox accounts used for this purpose while investigating the attack architecture.
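Because the backdoor described above talks to Dropbox's own API rather than to attacker-owned infrastructure, a plain destination-based block or allowlist will not separate it from legitimate use of the service. One detection approach a defender can take is to correlate endpoint telemetry (which process opened which TLS connection) and flag Dropbox API hosts reached by processes that are not the Dropbox client. The script below is an added example and not code from the Zscaler report or from the malware; the log format, host names, process names and IP addresses in the sample records are constructed for the example, while the Dropbox API host names are the service's real endpoints.

```python
"""Flag Dropbox API traffic that does not originate from an expected process.

Added example (not from the Zscaler report). It scans constructed endpoint
telemetry records of the form

    <timestamp> host=<hostname> proc=<process> pid=<pid> dst=<ip>:<port> sni=<tls server name>

and raises an alert whenever a process outside ALLOWED_PROCESSES reaches one
of the Dropbox API hosts. The process allowlist is hypothetical and would be
tuned per environment.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Dropbox's public API hosts: RPC calls, file content upload/download, and
# the long-poll notification endpoint.
DROPBOX_API_HOSTS = {
    "api.dropboxapi.com",
    "content.dropboxapi.com",
    "notify.dropboxapi.com",
}

# Processes expected to use the Dropbox API in this (hypothetical) environment.
ALLOWED_PROCESSES = {"dropbox.exe"}

LOG_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) proc=(?P<proc>\S+) pid=(?P<pid>\d+) "
    r"dst=(?P<dst>[^:\s]+):(?P<port>\d+) sni=(?P<sni>\S+)$"
)


@dataclass(frozen=True)
class Alert:
    ts: str
    host: str
    proc: str
    pid: int
    sni: str


def parse_line(line):
    """Return the record fields as a dict, or None for a malformed line."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_suspicious(rec):
    """True when a non-allowlisted process reaches a Dropbox API host."""
    return (
        rec["sni"].lower() in DROPBOX_API_HOSTS
        and rec["proc"].lower() not in ALLOWED_PROCESSES
    )


def scan(lines):
    """Scan telemetry lines and return one Alert per suspicious connection."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than abort the whole scan
        if is_suspicious(rec):
            alerts.append(
                Alert(rec["ts"], rec["host"], rec["proc"], int(rec["pid"]), rec["sni"])
            )
    return alerts


def summarize(alerts):
    """Count alerts per (host, process) pair so an analyst sees the offending binary once."""
    return Counter((a.host, a.proc) for a in alerts)


# Constructed sample telemetry (hostnames, process names and IPs are made up;
# 203.0.113.0/24 is a documentation range).
SAMPLE_LOG = """\
2021-12-01T09:12:03Z host=ws-17 proc=dropbox.exe pid=4120 dst=203.0.113.10:443 sni=api.dropboxapi.com
2021-12-01T09:12:07Z host=ws-17 proc=chrome.exe pid=5012 dst=203.0.113.20:443 sni=www.example.com
2021-12-01T09:13:41Z host=ws-22 proc=report_viewer.exe pid=7731 dst=203.0.113.10:443 sni=api.dropboxapi.com
2021-12-01T09:13:42Z host=ws-22 proc=report_viewer.exe pid=7731 dst=203.0.113.11:443 sni=content.dropboxapi.com
this line is malformed and is skipped
"""

if __name__ == "__main__":
    found = scan(SAMPLE_LOG.splitlines())
    for (host, proc), n in summarize(found).items():
        print(f"{host}: {proc} contacted Dropbox API hosts {n} time(s)")
```

Matching on the TLS server name rather than the destination IP matters here, because the API hosts sit behind shared address ranges and the IPs alone say little. A process-name allowlist is only a first filter; in production the check would also consider the binary's path and signature, since a renamed dropper could trivially call itself `dropbox.exe`.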

Finally, Zscaler ThreatLabz researchers Sahil Antil and Sudeep Singh concluded: "The threat actor chose the targets for this campaign specifically, and they included critical members of the banking sector in Palestine, people associated with Palestinian political parties, as well as human rights activists and journalists in Turkey."

For more cyber security news in crisp content, please follow our site via the Twitter handle @cyberworkx1 and on LinkedIn.
