Molerats Cyber-Attack Activity Escalating
New attacks reported by FireEye show China isn't the only part of the world targeting the U.S. with cyber-espionage.
There is a new outbreak of activity from a hacking effort FireEye has dubbed "Molerats," the security firm is reporting. FireEye has been seeing Molerats activity since October 2012 and saw a specific uptick in activity between April 29 and May 27 of this year, with attacks targeting a U.S. financial institution as well as European government institutions.
The Molerats activity comes from the Middle East, but that doesn't necessarily mean that a specific nation-state is behind the attacks. "We believe that the Molerats activity we are tracking may be related to a group known as the Gaza Hackers Team," Ned Moran, senior malware researcher at FireEye, told eWEEK. "We have nothing linking these actors back to a nation-state sponsor."
On May 27, FireEye noted in its report that a new malicious URL was sent to a European government organization. As of May 29, the malicious link had been clicked 225 times. The link leads to a Word document that installs a remote access tool (RAT) known as Xtreme RAT to the victim's system.
There was also a Molerats attack on April 29 that, according to FireEye, leveraged a fake digital security certificate from security firm Kaspersky Lab. The April 29 attack included an email with news excerpts on the recent reconciliation between Palestinian leaders. Moran noted that the use of a fake certificate is not a new tactic for the Molerats, as the group has used fake Microsoft certificates in the past.