Security researchers from Check Point's Threat Intelligence Team have discovered the return of an APT (advanced persistent threat) surveillance group targeting institutions across the Middle East, specifically the Palestinian Authority.
The attack, dubbed "Big Bang," begins with a phishing e-mail sent to targeted victims that carries a self-extracting archive containing two files: a Word document and a malicious executable.
Posing as a document from the Palestinian Political and National Guidance Commission, the Word file serves as a decoy to distract victims while the malware is installed in the background.
The malicious executable, which runs in the background, acts as the first-stage info-stealer designed for intelligence gathering to identify potential victims (on what basis is unclear as of now), and then accordingly downloads the second-stage malware designed for espionage.
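A defender-side triage check for the kind of attachment described above, added here and not part of Check Point's write-up or of this article: it opens a self-extracting archive with Python's standard zipfile module (which tolerates the prepended PE stub by locating the central directory from the end of the data) and flags the decoy-document-plus-executable pairing. The sample attachment, its file names and the extension lists are constructed for the example.

```python
import io
import zipfile

# File types the article says the info-stealer inventories; the lure usually arrives as one of them.
DOCUMENT_EXTS = {".doc", ".docx", ".odt", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf", ".rtf"}
# Member types that execute when a user "opens" what the archive extracted.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".ps1"}


def _ext(name: str) -> str:
    base = name.rsplit("/", 1)[-1].lower()
    return base[base.rfind("."):] if "." in base else ""


def triage_sfx(blob: bytes) -> dict:
    """Flag an attachment that pairs a document lure with an executable.
    A self-extracting zip is a PE stub with the archive appended; zipfile reads it by
    finding the end-of-central-directory record and correcting the member offsets."""
    result = {"is_pe": blob[:2] == b"MZ", "members": [], "documents": [],
              "executables": [], "suspicious": False, "reason": ""}
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            result["members"] = [i.filename for i in zf.infolist() if not i.is_dir()]
    except zipfile.BadZipFile:
        result["reason"] = "no zip archive found"
        return result
    for name in result["members"]:
        ext = _ext(name)
        if ext in EXECUTABLE_EXTS:
            result["executables"].append(name)
        elif ext in DOCUMENT_EXTS:
            result["documents"].append(name)
    if result["documents"] and result["executables"]:
        result["suspicious"] = True
        result["reason"] = "document lure bundled with an executable"
    elif result["is_pe"] and result["executables"]:
        result["suspicious"] = True
        result["reason"] = "self-extracting archive drops an executable"
    return result


def build_sample() -> bytes:
    """Constructed stand-in for the attachment: fake PE stub, then a zip with decoy and dropper."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Guidance_Commission.doc", b"decoy document body (constructed)")
        zf.writestr("winupdate.exe", b"placeholder bytes, not a real binary (constructed)")
    return b"MZ" + b"\x00" * 62 + b"FAKE-SFX-STUB" + buf.getvalue()
```

Run `triage_sfx(build_sample())` to see the verdict; feeding it a real attachment's bytes works the same way, since only the central directory is read and no member is extracted.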
"While the analysis...discloses the capabilities of the spotted malware, we are pretty certain it is part of a multi-staged attack that targets very specific victims," the researchers said in a blog post. "The malware below is part of the reconnaissance stage and should lead to the main course, whose nature is still unknown."

The malware is capable of sending a lot of information from the infected machines to the attackers' command and control server, including screenshots of the infected computer, a list of documents with file extensions including .doc, .odt, .xls, .ppt, .pdf and more, and logging details about the system.
Besides this, the malware also includes a few more modules to execute any file it receives from the server, enumerate running processes, terminate a running process by name, as well as send a list of partitions found on the infected machine.
The malware also includes modules to self-destruct by deleting the payload from the startup folder and deleting the actual file, and to reboot the infected system.
"After reviewing all the malware functionalities, we are confident in saying that the attackers look for victims who meet well-defined characteristics and believe that further stages of the attack are delivered only to those who fit the specific victim profile," the researchers say.

Researchers believe these attacks could be related to the Gaza Cybergang APT group, an Arabic-language, politically motivated cybercriminal group that has been operating since 2012 and has targeted oil and gas organisations in the Middle East and North Africa region.
However, according to the researchers, it is still not yet confirmed exactly which threat group is behind this campaign.