Kaspersky Lab has warned of an increase in activity by an Arabic-speaking cybercriminal group which targets government organisations in the MENA region.
The ‘Gaza Cybergang’ has been active since 2012, but has been particularly active in the second and third quarters of this year.
The attackers focus on government entities, especially embassies, primarily targeting IT and incident response staff by sending them malware files. The group has attacked government entities in countries including Egypt, the UAE and Yemen.
The Gaza Cybergang actively sends malware files to information technology (IT) and incident response (IR) staff. Kaspersky Lab experts suspect that the reason behind targeting IT personnel has to do with the fact that they are known to have more access and permissions inside their organisations than other employees, mainly because they need to manage and operate the infrastructure.
Similarly, IR staff may be targeted for having access to sensitive data related to ongoing cyber investigations in their organisations, as well as special access and permissions enabling them to hunt for malicious or suspicious activities on the network.
Despite the fact they are targeting high-level entities such as government bodies, the Gaza team uses well-known remote administration tools (RAT) – XtremeRAT and PoisonIvy – spreading infections via phishing scams. Using simple infection tools, they successfully hit their targets with crafted social engineering tricks, using special file names, content and domain names that help the group in their hunt for targets.
“According to the list of targets, which includes government entities in the Middle East and North Africa region, we’re witnessing politically motivated cyberattacks. By gaining control of computers with greater access to the system, the cybercriminals increase their chances of stealing valuable information and are much more likely to cause significant damage. As attribution is the most complicated – often impossible – task when analysing a malicious cyber-campaign, we don’t as yet know who is behind it,” said Mohammad Amin Hasbini, senior security researcher, Global Research & Analysis Team, Kaspersky Lab.
These materials are not intended and should not be used as legal advice or other recommendation. If you need a legal opinion on a specific issue or factual situation, please contact a lawyer. Anyone using these materials should not rely on them as a substitute for legal advice.
Remember, no problem has a quick fix solution. Thus, always ensure to consult highly knowledgeable group of professionals whom would provide you with a collective advice, never individual advice. This group advice and approach is unique with CWIIL Group and is based on the overall Management Philosophy of all CWIIL Group Companies.
Consulting CWIIL Group of Companies, for any / all matters relating to security ensures advice based on highest level of knowledge which are given to you by a team of select research-oriented experts whom each will do their own assessment of your matter, and also assess it together, thus ensuring that in case a mistake has been made by one, it will be noticed and corrected even before it is being passed on to you. Receiving incorrect and un-knowledgeable security advice can be disastrous and thus should be avoided.
CWIIL Group of Companies is a global group of multi-specialized units with diversified interests and activities, wherein each company is a separate legal entity registered under prevailing laws in different parts of the world. CWIIL Group of Companies Products, Services, Project and Solutions are in a multitude of Verticals including, but not limited to, Infrastructure, Power, Oil & Gas, Legal, Media, Technology, ITES, HR, Shipping, Aviation, Real Estate, Hospitals, Health and Medicine, Education, Funding & Investment, Business and Legal Consultancy, and Public Private Partnerships, and other CWIIL Group Units, worldwide, to name a few.
For Further Queries Feel Free to Contact :
Mr. Mohammad Mukhtar Mustafa,
Deputy Global Director, No. 4,
Strategic Business & Intelligence Division,
Email : deputy.gd.4@cwiilgroup.eu
Voice : +45.8176.1923
Connect : LinkedIn – Twitter – Facebook – Quora
For Queries Specific to Middle East & North Africa :
Email : mena@cwiilgroup.com , hq@cwiilgroup.eu
Web : www.cwiilgroup.com , www.cwiilgroup.eu
For Any / All Other Queries :
CWIIL Group Global Regional Headquarters Denmark,
Address : No. 1, Klokkebjergevej, DK6900 Skjern, Denmark
Voice : +45.5148.3608
Fax : +45.7014.1498
Email : corpcomm@cwiilgroup.eu
Web : www.cwiilgroup.eu
Connect : LinkedIn – Twitter – Facebook – Quora
Office Hours :
Monday to Friday : 10.00 – 17.00 CET.
Saturday : 10.00 – 14.00 CET.
Sunday : Closed.
The Corporate Communications Team would require minimum a fortnight for Reviewing & Responding to Queries, which please note.
CWIIL Group Middle East & North Africa Operations 