Delaware, USA – October 31, 2017 – Cybercriminals from the Gaza group have been known since 2012, and they continue to carry out large-scale cyberespionage campaigns targeting organizations and politicians in the countries of the Middle East and North Africa. According to researchers from Kaspersky Lab, in mid-2016 the attackers managed to penetrate the networks of oil and gas companies in the MENA region. Their espionage activity remained unnoticed for more than a year. Until recently, the attackers achieved their goals without sophisticated techniques, but since June 2017 they have started exploiting recently detected MS Office vulnerabilities in targeted spam campaigns. After the document is opened, the macro downloads malware from the Gaza group’s server. If that download is detected by antivirus solutions, the macro downloads other tools, in the hope that something will be installed unnoticed. The installed malware allows the hackers to access the victim’s files, as well as monitor any activity on the infected system.
The hackers leverage social engineering when composing phishing emails, and their tactic, unfortunately, is very effective. Installing all critical security updates and raising security awareness only partially solve the problem. It is necessary to constantly monitor the processes inside the organization to track any spyware activity, connections to untrusted servers and spikes of suspicious activity. You can monitor all this with your SIEM and the APT Framework use case from Use Case Cloud.
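The monitoring described above can be sketched as a simple detection rule: an Office application that hands off to a script host or built-in downloader, or whose child process connects to a destination outside an allowlist, matches the macro-download behaviour, and repeated hits on one host reflect the fallback-tool pattern. This is an added example, not code from the article or from Use Case Cloud; the event fields, allowlist and sample telemetry are constructed for illustration and must be mapped onto real Sysmon or EDR data.

```python
from dataclasses import dataclass

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
# Script hosts and built-in downloaders a macro typically hands off to.
HANDOFF = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
           "mshta.exe", "certutil.exe", "bitsadmin.exe"}

@dataclass
class Event:
    host: str
    parent: str      # parent process image name
    image: str       # child process image name
    dest: str = ""   # outbound destination, empty if no connection seen

def classify(ev, trusted):
    """Reasons this event matches the macro-download pattern (empty = benign)."""
    reasons = []
    if ev.parent.lower() not in OFFICE_APPS:
        return reasons
    if ev.image.lower() in HANDOFF:
        reasons.append("office-spawned-script-host")
    if ev.dest and ev.dest not in trusted:
        reasons.append("office-child-untrusted-destination")
    return reasons

def detect(events, trusted):
    """Return one alert per matching event plus per-host hit counts,
    so a burst of hits on one host (the fallback-tool behaviour) stands out."""
    alerts, per_host = [], {}
    for ev in events:
        why = classify(ev, trusted)
        if why:
            alerts.append((ev.host, ev.image, why))
            per_host[ev.host] = per_host.get(ev.host, 0) + 1
    return alerts, per_host

# Constructed sample telemetry; destinations use documentation ranges/names.
TRUSTED = {"updates.example.org"}
SAMPLE = [
    Event("ws01", "explorer.exe", "winword.exe"),
    Event("ws01", "winword.exe", "powershell.exe", "203.0.113.10"),
    Event("ws01", "winword.exe", "certutil.exe", "203.0.113.10"),
    Event("ws01", "winword.exe", "splwow64.exe"),
    Event("ws02", "excel.exe", "cmd.exe", "updates.example.org"),
]

if __name__ == "__main__":
    for host, image, why in detect(SAMPLE, TRUSTED)[0]:
        print(host, image, ", ".join(why))
```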