View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Malware bundled with Middle East conflict news targets media and governments

Hack associated with anti-Zionist group has resurfaced in May.

By Jimmy Nicholls

Malware previously associated with anti-Zionist hacktivists was employed again last month against the BBC, a Middle Eastern diplomatic body and governments including UK, the US and Israel.

So-called "molerats" use decoy documents ostensibly containing information on Middle Eastern conflicts to open systems to remote access tools (RAT), a method that has previously been linked to the Gaza Hacker Team, who defaced the Chief Rabbinate’s website in 2012.

An analysis by the malware security firm FireEye said: "Although a large number of attacks against our customers appear to originate from China, we are tracking lesser-known actors also targeting the same firms."

Molerats use backdoor entry techniques to compromise systems, with recent attempts connected to RAT software such as Poison Ivy (PIVY) or Xtreme RATs, which allow someone to take control of a remote computer anywhere in the world.

"Molerats campaigns seem to be limited to only using freely available malware," FireEye added. "However, their growing list of targets and increasingly evolving techniques in subsequent campaigns are certainly noteworthy."

Targets of the attacks included a number of Western governments, as well Israeli and Palestinian surveillance targets, and the Office of the Quartet Representative, a body that protects EU, US, Russian and UN interests within Israel and Palestine.

Other molerat targets during May included a major US financial institution, Turkey and several European government organisations.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

RATs have been described by FireEye as an "ancient pest", and "the hacker’s equivalent of training wheels". Though associated with novice hackers or "script kiddies", RATs have been described as "a linchpin of many sophisticated cyber attacks" by the security firm.

Last summer the firm published a report detailing the use of Poison Ivy among Middle Eastern hackers in combination with spear phishing. Victims were sent tainted RAR files, either through email or via a link to an online storage service such as Dropbox.

The Gaza Hacker Team was previously linked to an incident that saw Israel disable internet access for its police force and ban the use of memory sticks in October 2012, and are reported to have been attacking Israeli websites since 2008.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.