Lebanon Global Cyber Espionage Campaign Code Named Explosive

A global cyber espionage campaign has been exposed in Lebanon, aimed at targets in Israel, the US, Canada, Russia and the UK as well as at targets in Lebanon itself.

Researchers at the Israel-based cyber firm Check Point published a report that exposed the cyber espionage operation and uncovered an attack campaign called Volatile Cedar. They suggest the attacker’s motives are not financial but aim to extract sensitive information from the targets, and that the campaign has successfully penetrated a large number of targets across the globe.

The Volatile Cedar campaign used a sophisticated custom-made malware implant code-named “Explosive”, designed to draw various kinds of information from organizations and individuals, including defense contractors, telecommunications and media companies, and educational institutions.

Key Findings from Check Point:

  • Volatile Cedar is a highly targeted and well-managed campaign: Its targets are carefully chosen, confining the infection spread to the bare minimum required to achieve the attacker’s goal while minimizing the risk of exposure.
  • The first evidence of any Explosive version was detected in November 2012. Over the course of the timeline, several versions have been detected.
  • The modus operandi for this attacker group initially targets publicly facing web servers, with both automatic and manual vulnerability discovery.
  • Once the attacker gains control over a server, he/she can use it as a pivot point to explore, identify, and attack additional targets located deeper inside the internal network. We have seen evidence of online manual hacking as well as an automated USB infection mechanism.

The full report on Volatile Cedar can be found here: /downloads/volatile-cedar-technical-report.pdf