Molerats Hackers Target BBC, European Governments

Security researchers have detected attacks by a hacker group designated Molerats that have targeted the BBC, European government organisations and at least one major US financial institution.

The attacks, which security firm FireEye described in a recent study, took place in late May, but the firm said they appear to be part of a campaign that goes back several years and is still continuing.

Series of attacks

“This was just one unique facet to a much broader series of related attacks dating back to as early as October 2011 and are still ongoing,” the firm stated.

FireEye last published details on the Molerats attacks in August of last year, linking the group to attacks on the US and UK governments as well as on Israeli and various Middle Eastern targets.

The group is identified by factors such as the type of file used to spread malware and the type of Remote Access Tools (RATs) typically used in the attacks. It is now targeting a wider range of organisations, including Palestinian and Israeli surveillance targets, government departments in Israel, Turkey, Slovenia, Macedonia, New Zealand, Latvia, the US and the UK, the BBC, a major US financial institution and multiple European government organisations, FireEye said.

“Molerats activity has been tracked and expanded to a growing target list,” the company said in its study.

Commonly available tools

The group uses the same kind of commonly available RAT often employed by Chinese attackers, according to FireEye. Its decoy documents, which contain malicious files, are typically written in English or Arabic and focus on current events in the Near East. Molerats’ recent attacks all use the Xtreme RAT tool, FireEye said.

The group may be related to another known as the Gaza Hackers Team, FireEye said, adding that to date, there is no evidence of the involvement of a national government.

While the recent attacks don’t use any unknown or advanced malware or zero-day exploits, they have employed techniques such as varying the server ports used to communicate with the malware in order to make the attacks harder to spot.

“Molerats campaigns seem to be limited to only using freely available malware; however, their growing list of targets and increasingly evolving techniques in subsequent campaigns are certainly noteworthy,” FireEye stated.

Matthew Broersma

Matt Broersma is a long-standing tech freelancer who has worked for Ziff-Davis, ZDnet and other leading publications.
