Delaware, USA – July 9, 2018 – Security researchers from Check Point have discovered a new campaign targeting government institutions in the Middle East. Several clues point to Gaza Cybergang as the threat actor behind it. The campaign's primary target is the Palestinian Authority, and the first malware samples were compiled at the end of March 2018. Gaza Cybergang has been active for about six years, and a year ago it ran a similar campaign against Palestinian law enforcement agencies.

The adversaries use Micropsia, a modular trojan written in C++ and delivered by spear-phishing as a self-extracting archive. Once it has infected a system, Micropsia collects information about the machine and sends it to the command and control (C&C) server. It then receives a configuration file from the C&C server that determines which modules the malware will load. Thirteen modules exist, but not all of them have been analyzed. What is known is that the malware not only spies on the user's actions but can also kill processes and download and run additional malware.
Over the past year the adversaries have significantly improved both the malware and its C&C communications. The group selects its targets carefully, so the volume of activity is low and its actions are hard to detect with sample-specific indicators alone. The behaviours described above are the durable hooks for detection: an executable launched from a mail client, a beacon carrying host information, a configuration fetch that drives module loading, process termination, and download-and-execute. Correlating these stages per host, rather than alerting on any one of them, is what makes such low-volume activity stand out. To detect it, you can use your SIEM with APT Framework, which applies the Cyber Kill Chain methodology to uncover the traces of APT attacks.
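As an added illustration of the kill-chain correlation just described, the following Python script replays a few lines of endpoint telemetry per host and reports which stages a mail-client-launched executable and its descendants reach. This is example code written for this page, not Check Point's analysis code and not the APT Framework content; the event schema (fields such as `type`, `pid`, `ppid`, `parent`, `image`, `path`, `dst_ip`, `killer_pid`), the host names, paths, PIDs and addresses are all constructed for the example and are not indicators from the Micropsia campaign.

```python
# Added example: kill-chain correlation over constructed endpoint telemetry.
# Field names, hosts, paths, PIDs and addresses below are made up for
# illustration; they are not Micropsia indicators from the Check Point report.
from collections import defaultdict
from ipaddress import ip_address, ip_network

MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\downloads\\", "\\appdata\\")
EXEC_EXT = (".exe", ".dll", ".scr")
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def user_writable(path):
    return any(seg in path.lower() for seg in USER_WRITABLE)


def is_executable(path):
    return path.lower().endswith(EXEC_EXT)


def is_external(ip):
    addr = ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def correlate(events, min_stages=3):
    """Replay events per host in time order. A process that the mail client
    launched from a user-writable path seeds a 'suspect' set; its children
    inherit suspicion. Each suspect action maps to a Cyber Kill Chain stage:
      delivery               mail client -> executable in a user-writable path
      installation           suspect drops (or runs a dropped) executable before any beacon
      command_and_control    suspect connects to a non-internal address
      actions_on_objectives  suspect kills a process, or runs a dropped
                             executable after beaconing (download-and-run)
    Returns {host: [stages in order first seen]} for hosts with >= min_stages."""
    by_host = defaultdict(list)
    for ev in events:
        by_host[ev["host"]].append(ev)

    findings = {}
    for host, evs in by_host.items():
        suspect, dropped, stages = set(), set(), []

        def hit(stage):
            if stage not in stages:
                stages.append(stage)

        for ev in sorted(evs, key=lambda e: e["ts"]):
            kind = ev["type"]
            if kind == "process_create":
                if ev["parent"].lower() in MAIL_CLIENTS and user_writable(ev["image"]):
                    suspect.add(ev["pid"])
                    hit("delivery")
                elif ev["ppid"] in suspect:
                    suspect.add(ev["pid"])
                    if ev["image"].lower() in dropped:
                        hit("actions_on_objectives" if "command_and_control" in stages else "installation")
            elif kind == "file_write" and ev["pid"] in suspect:
                if is_executable(ev["path"]) and user_writable(ev["path"]):
                    dropped.add(ev["path"].lower())
                    hit("installation")
            elif kind == "network_connect" and ev["pid"] in suspect:
                if is_external(ev["dst_ip"]):
                    hit("command_and_control")
            elif kind == "process_terminate" and ev["killer_pid"] in suspect:
                hit("actions_on_objectives")

        if len(stages) >= min_stages:
            findings[host] = stages
    return findings


# Constructed telemetry: one infected workstation (ws-17) and one clean one (ws-22).
SAMPLE_EVENTS = [
    {"ts": "2018-03-28T09:00:01", "host": "ws-17", "type": "process_create", "pid": 501, "ppid": 100,
     "parent": "outlook.exe", "image": "C:\\Users\\alice\\AppData\\Local\\Temp\\report.exe"},
    {"ts": "2018-03-28T09:00:03", "host": "ws-17", "type": "file_write", "pid": 501,
     "path": "C:\\Users\\alice\\AppData\\Roaming\\svc\\svc.exe"},
    {"ts": "2018-03-28T09:00:04", "host": "ws-17", "type": "process_create", "pid": 502, "ppid": 501,
     "parent": "report.exe", "image": "C:\\Users\\alice\\AppData\\Roaming\\svc\\svc.exe"},
    {"ts": "2018-03-28T09:00:09", "host": "ws-17", "type": "network_connect", "pid": 502,
     "dst_ip": "203.0.113.10", "dst_port": 443},
    {"ts": "2018-03-28T09:01:30", "host": "ws-17", "type": "process_terminate", "killer_pid": 502,
     "target": "taskmgr.exe"},
    {"ts": "2018-03-28T09:02:00", "host": "ws-17", "type": "file_write", "pid": 502,
     "path": "C:\\Users\\alice\\AppData\\Roaming\\svc\\update.exe"},
    {"ts": "2018-03-28T09:02:02", "host": "ws-17", "type": "process_create", "pid": 503, "ppid": 502,
     "parent": "svc.exe", "image": "C:\\Users\\alice\\AppData\\Roaming\\svc\\update.exe"},
    # ws-22: Outlook opens an attachment with the installed Office binary and a
    # browser talks to the same external address. Neither process is suspect.
    {"ts": "2018-03-28T09:00:01", "host": "ws-22", "type": "process_create", "pid": 601, "ppid": 200,
     "parent": "outlook.exe", "image": "C:\\Program Files\\Microsoft Office\\winword.exe"},
    {"ts": "2018-03-28T09:00:05", "host": "ws-22", "type": "network_connect", "pid": 602,
     "dst_ip": "203.0.113.10", "dst_port": 443},
]

if __name__ == "__main__":
    for host, stages in correlate(SAMPLE_EVENTS).items():
        print(host, "->", " > ".join(stages))
```

The point of the per-host suspect set is that no single rule fires on its own: a mail client launching an executable, an outbound TLS connection and a killed process are each common in isolation, but the chain delivery > installation > C&C > actions on the same process lineage is what a SIEM should alert on. The `min_stages` threshold lets an analyst trade noise for earlier warning.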