Kaspersky Lab uncovers new attack targeting legislative bodies
“Operation Parliament” cyberespionage campaign targets government agencies, large corporates
Kaspersky Lab has unmasked a new cyberespionage campaign targeting high-profile organisations around the world, with a focus on the Middle East and North Africa.
Dubbed “Operation Parliament”, the attacks have been active since 2017 and have targeted top legislative, executive and judicial powers, including governmental and large private entities, from countries in the region, including the UAE, Saudi Arabia, Jordan, Palestine, Egypt, Kuwait, Qatar, Iraq, Lebanon, Oman, Djibouti and Somalia. Altogether, Kaspersky Lab experts detected victims in 27 countries.
The announcement was made by Mohammad Amin Hasbini, senior security researcher, Global Research & Analysis Team, Kaspersky Lab, during Kaspersky Lab’s Cyber Security Weekend for the Middle East, Turkey and Africa currently underway in Istanbul, Turkey. “Operation Parliament is another symptom of the continuously developing tensions in the Middle East and North Africa. We are witnessing higher sophistication and smarter techniques used by attackers and it doesn’t look like they will stop or slow down anytime soon,” said Hasbini.
Kaspersky Lab experts believe that “Operation Parliament” represents a new geopolitically motivated threat actor that is highly active and skilled. The attackers are also believed to have access to an elaborate database of contacts for sensitive organisations and personnel worldwide, especially non-trained staff. Victims of the attacks include government entities, political figures, military and intelligence agencies, media outlets, research centers, Olympic foundations and large private companies.
Based on the findings, the attackers infiltrated their victims using malware that provides them with a remote cmd/PowerShell terminal, enabling them to execute any scripts or commands and receive the results through HTTP requests. The attackers have taken great care to stay under the radar and have used techniques to verify victims’ devices before infiltrating them.
To avoid falling victim to such an attack, Kaspersky Lab researchers advise organisations to pay special attention and take extra measures, including training staff to distinguish spearphishing emails or phishing links from legitimate emails and links, and using not only a proven corporate-grade endpoint security solution but also a combination of specialised protection against advanced threats, such as Kaspersky Lab’s Threat Management and Defense Solution, which is capable of catching attacks by analysing network anomalies.
Kaspersky Lab says its products have successfully detected and blocked attacks conducted using these techniques.