Kaspersky Lab has uncovered a new cyber-espionage campaign that targeted users and organizations in almost four dozen countries around the world.
The attack was called SneakyPastes. The analysis shows that its organizer is the Gaza cyber group, which includes three more teams of intruders - Operation Parliament (known since 2018), Desert Falcons (known since 2015) and MoleRats (operating at least since 2012).
During the cyber-espionage campaign, the attackers actively used phishing methods. The criminals used sites that allow fast distribution of text files, such as the Pastebin and GitHub web services, to secretly inject remote access Trojans into the victim's system.
With the help of a malicious program, the organizers of the attack stole various confidential information. In particular, the Trojan combined, compressed, encrypted and sent a wide range of documents to attackers.
“About 240 people and organizations in 39 countries with political interests in the Middle East fell victim to the campaign, including government departments, political parties, embassies, diplomatic missions, news agencies, educational and medical institutions, banks, contractors, civil activists and journalists,” Kaspersky Lab notes.
Currently, a significant part of the infrastructure that the attackers used to carry out attacks has been eliminated.
Source: 3dnews.ru