Gaza cyber-gang sending malware files to IT and IR personnel

News by Greg Masters

A Middle Eastern cyber-group seeking higher levels of access to specific networks has turned its focus to IT security personnel.

A Middle Eastern, politically motivated cyber-group has turned its focus to IT security personnel, according to a Securelist post.

The so-called "Gaza cyber-gang," a group acting predominantly out of Egypt, United Arab Emirates and Yemen, is reportedly actively sending malware files to IT (information technology) and IR (incident response) staff in an effort to gain higher levels of access to specific networks.

The group sends spear-phishing emails that include file names with terms specific to IT roles, attempting to trick users into clicking through to initiate the download of common remote access trojans (RATs), mainly XtremeRAT and PoisonIvy.

Because IT and IR staff generally have heightened network access and permissions, "getting access to their devices could be worth a lot more than for a normal user," the Russia-based vendor said.

Since 2012, the Gaza group has primarily targeted embassies and other government affiliations in the UK and Europe.
