Gaza Cybergang returns to attack UAE and Saudi Arabia
Kaspersky Lab experts are registering changes in the operations of the infamous Gaza Team Cybergang
The infamous Gaza Team Cybergang are returning to the Middle East and North Africa (MENA) stronger than ever, according to Kaspersky Lab.
Security experts at Kaspersky Lab discovered that the cybercriminal gang are changing the way they operate but are continuing to target commercial and government organisations in the UAE, Saudi Arabia, Palestine, Egypt and other countries in the MENA region.
The gang have reportedly been active since 2012, and in 2015 Kaspersky Lab experts saw a shift in their operations. Now, however, the Gaza Team Cybergang have been spotted targeting IT and incident response personnel to access security assessment tools and significantly decrease visibility of their activity in the attacked networks.
It appears that the attackers have only expanded their tactics but have stuck to the same geographical location. The attack tools have become more sophisticated: the gang has developed topical, geopolitical spearphishing documents that are used to deliver malware to targets, and is using exploits for a relatively recent vulnerability, CVE-2017-0199 in Microsoft Access, and potentially even Android spyware.
To carry out the attacks, the gang send emails that contain remote access Trojans in fake office documents, or URLs to malicious websites. If accessed, the victim is instantly infected with malware which allows the criminals to steal files and collect screenshots from the device. Kaspersky Lab also says that the gang rely on mobile malware.
David Emm, security expert at Kaspersky Lab, said: "The continuing activity of Gaza Team, which we have observed for several years already, shows that the situation in the MENA region is far from safe when it comes to cyber espionage threats.
"Due to significant improvements in the group's techniques, we expect the quantity and quality of Gaza Cybergang attacks to intensify in the near future. People and organisations which fall into their target scope should be more cautious when online."