Palestinian hacking group evolving with new malware, researchers say

Feb 8, 2022 | CYBERSCOOP

A Palestinian-aligned hacking group has targeted Middle Eastern governments, foreign policy think tanks and a state-affiliated airline with a new malware implant as part of “highly targeted intelligence collection campaigns,” according to research published Tuesday.

The findings, from researchers with cybersecurity firm Proofpoint, unpack the latest activities of an established and well-documented Arabic-speaking hacking group known as MoleRATs and its deployment of a new intelligence-gathering trojan they call “NimbleMamba.”

The malware serves as an intelligence-gathering trojan and, according to the researchers, is likely designed to gain initial access to a target system.

The group has gone after targets worldwide over the years, but Tuesday’s research examines campaigns against an unnamed Middle East government, foreign policy think tanks and a state-affiliated airline starting in August 2021 and continuing into January 2022.

The operators behind MoleRATs — also known as TA402 — are “evolving their techniques and creating these very nicely done, specific and well-targeted campaigns,” Sherrod DeGrippo, Proofpoint’s vice president, threat research and detection, told CyberScoop.

In June 2021 Proofpoint researchers analyzed MoleRATs malware known as LastConn, which was designed to gain access and conduct information gathering activities. After that publication, “TA402 appeared
