Malware bundled with Middle East conflict news targets media and governments

Malware previously associated with anti-Zionist hacktivists was employed again last month against the BBC, a Middle Eastern diplomatic body and governments including UK, the US and Israel.

So-called "molerats" use decoy documents ostensibly containing information on Middle Eastern conflicts to open systems to remote access tools (RAT), a method that has previously been linked to the Gaza Hacker Team, who defaced the Chief Rabbinate’s website in 2012.

An analysis by the malware security firm FireEye said: "Although a large number of attacks against our customers appear to originate from China, we are tracking lesser-known actors also targeting the same firms."

Molerats use backdoor entry techniques to compromise systems, with recent attempts connected to RAT software such as Poison Ivy (PIVY) or Xtreme RATs, which allow someone to take control of a remote computer anywhere in the world.

"Molerats campaigns seem to be limited to only using freely available malware," FireEye added. "However, their growing list of targets and increasingly evolving techniques in subsequent campaigns are certainly noteworthy."

Targets of the attacks included a number of Western governments, as well Israeli and Palestinian surveillance targets, and the Office of the Quartet Representative, a body that protects EU, US, Russian and UN interests within Israel and Palestine.

Other molerat targets during May included a major US financial institution, Turkey and several European government organisations.

RATs have been described by FireEye as an "ancient pest", and "the hacker’s equivalent of training wheels". Though associated with novice hackers or "script kiddies", RATs have been described as "a linchpin of many sophisticated cyber attacks" by the security firm.

Last summer the firm published a report detailing the use of Poison Ivy among Middle Eastern hackers in combination with spear phishing. Victims were sent tainted RAR files, either through email or via a link to an online storage service such as Dropbox.

The Gaza Hacker Team was previously linked to an incident that saw Israel disable internet access for its police force and ban the use of memory sticks in October 2012, and are reported to have been attacking Israeli websites since 2008.