Menu
Israel targeted by malware packaged with pornographic video

Israel targeted by malware packaged with pornographic video

Trend Micro said two campaigns, one sophisticated and one not, shared the same infrastructure

Israeli institutions have been targeted by an Arab-speaking hacker group that sought to extract sensitive documents, according to Trend Micro.

The campaign, which Trend called Operation Arid Viper, focused on sending phishing emails to targets. Those emails came with malware packaged with a short pornographic video, according to the company's report.

The phishing emails were sent to targets including a government office, infrastructure providers, a military organization and academic institutions in Israel and Kuwait.

The attacks "targeted professionals who might be receiving very inappropriate content at work and so would hesitate to report the incident," Trend wrote. "These victims' failure to act on the threat could have then allowed the main malware to remain undiscovered."

The malware then began hunting around on a victim's hard disk for Word, Excel, PowerPoint and text files. It reported the files to the command and control server, which then decided which files to steal.

The command-and-control servers used by Arid Viper were "closely locked down, providing very little hint that could aid our investigation," Trend said.

Trend found the Arid Viper attacks shared the same command-and-control infrastructure as another campaign it calls Advtravel, although the style of attacks are very different.

The company gained insight into Advtravel after a server connected with the operation was left open on the Internet.

"This allowed us to download copies of its entire content to study as part of our investigation before its owners realized their mistake and locked it down," the report said.

The Advtravel attackers infected more than 500 systems of mostly Arabs living in Egypt. They focused on stealing images from victims' computers, many of which were screenshots of Facebook profiles, perhaps in an attempt to identify victims.

"This could be a sign that they are looking for incriminating or compromising images for blackmail purposes," Trend wrote. "As such, the attackers may be less-skilled hackers who are not after financial gain nor hacking for espionage purposes."

Overall, the Advtravel attackers were much less skilled than Arid Viper. "They look like a classic group of beginner hackers just starting their careers," Trend said.

Trend did extensive research into the email addresses used to register domain names use for Arid Viper's command-and-control infrastructure as well as Advtravel, linking some possible actors to the Gaza Strip.

But it cautioned that such analysis was not definitive, as the attackers could have easily faked information required to register domain names.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags trend microsecuritymalware

Featured

Slideshows

Educating from the epicentre - Why distributors are the pulse checkers of the channel

Educating from the epicentre - Why distributors are the pulse checkers of the channel

​As the channel changes and industry voices deepen, the need for clarity and insight heightens. Market misconceptions talk of an “under pressure” distribution space, with competitors in that fateful “race for relevance” across New Zealand. Amidst the cliched assumptions however, distribution is once again showing its strength, as a force to be listened to, rather than questioned. Traditionally, the role was born out of a need for vendors and resellers to find one another, acting as a bridge between the testing lab and the marketplace. Yet despite new technologies and business approaches shaking the channel to its very core, distributors remain tied to the epicentre - providing the voice of reason amidst a seismic industry shift. In looking across both sides of the vendor and partner fences, the middle concept of the three-tier chain remains centrally placed to understand the metrics of two differing worlds, as the continual pulse checkers of the local channel. This exclusive Reseller News Roundtable, in association with Dicker Data and rhipe, examined the pivotal role of distribution in understanding the health of the channel, educating from the epicentre as the market transforms at a rapid rate.

Educating from the epicentre - Why distributors are the pulse checkers of the channel
Kiwi channel reunites as After Hours kicks off 2017

Kiwi channel reunites as After Hours kicks off 2017

After Hours made a welcome return to the channel social calendar last night, with a bumper crowd of distributors, vendors and resellers descending on The Jefferson in Auckland to kickstart 2017. Photos by Maria Stefina.

Kiwi channel reunites as After Hours kicks off 2017
Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Show Comments