Information security firm Trend Micro has published a research report on a new cyber attack aimed at Israeli users.
Security researchers discovered two separate but heavily interconnected operations whose network infrastructure is located in Germany, among them an advanced persistent threat (APT) campaign that targets Israeli victims, and found that the operations have ties to Arab parties located in the Gaza Strip and other countries in the Middle East.
According to the Trend Micro report, “Operation Arid Viper” and “Operation Advtravel” are hosted on the same servers in Germany, the registered domain owner is the same individual, and both operations can be tied back to activity from Gaza, Palestine.
The research describes the operations as follows:
Operation Arid Viper: This is a highly-targeted attack on high-value Israeli targets that links back to attackers located in Gaza, Palestine. The campaign’s modus operandi involves using spear-phishing emails with an attachment containing malware disguised as a pornographic video. The attached malware carries out data exfiltration routines for a large cache of documents gathered from their victims’ machines in a sort of “smash-and-grab” attack. The first related malware sample was seen in the middle of 2013.
Operation Advtravel: This is a much less targeted attack with hundreds of victims in Egypt, whose infected systems appear to be personal laptops. This leads us to believe that the campaign is not as sophisticated as that of Operation Arid Viper. The attackers involved with Operation Advtravel can be traced back to Egypt.