Vectra Networks has uncovered a hacking group (code-named Moonlight) conducting cyberespionage against targets in the Middle East. Vectra has identified over two hundred malware samples generated by the group over the last two years.
Key findings:
- The attacks are themed around Middle Eastern political issues and the motivation appears to relate to espionage, as opposed to opportunistic or criminal intentions
- These are not technically sophisticated attackers; however, they do deploy some novel tactics, and the implications of these attacks could be significant
- Both the tools and the targets of Moonlight are reminiscent of “Gaza Hacker Team”, a group of attackers said to be politically aligned with Hamas
- Vectra refers to the group as Moonlight, after the name the attackers chose for one of their command and control domains
- The earliest attacks appear to be non-targeted, opportunistically inviting victims to click links in YouTube videos and social media posts typical of Middle Eastern “hacktivists”. Later attacks appear to target particular groups or individuals (politicians, activists and staff at NGOs)
Vectra worked with providers to sinkhole Moonlight’s command and control infrastructure. Gunter Ollmann, CSO at Vectra Networks, commented below on the nature of the attacks.
Gunter Ollmann, CSO at Vectra Networks:
“Targeted attacks don’t need to be sophisticated to work, especially if the targets are highly localised. An appropriately targeted and sentiment-driven attack tends to be more successful, often because of the lack of technical sophistication.”
“The anti-botnet industry has increasingly focused on big-name malware families and criminal organisations. We’ve become accustomed to viewing a threat through the lens of hundreds of thousands of victims. As a consequence, we’ve become myopic to the smaller and much more targeted attacks that often impact their victims in ways considerably more severe than just identity theft.”
“Whether it’s freedom fighters or terrorists, the cyber-domain is increasingly an important theatre for propagating a cause. The tools necessary to target the opposition and gather valuable intelligence are in play by both small and large groups around the world. Cyber warfare isn’t just the domain of large nation state actors.”