A recent report by Kaspersky Lab has revealed that a threat actor group, known as Gaza Cybergang, swindled top-level victims from the Middle East region. Gaza Cybergang is a politically motivated Arabic-speaking cybercrime group that is known to target the Middle East and North Africa (MENA) region, specifically the Palestinian Territories.
According to the report, the 240+ victims in the attacks were mostly journalists, activists or political figures spread across 39 countries. The Palestinian Territories recorded the highest number of victims. Other countries included Jordan, Israel, Lebanon, Saudi Arabia, Syria, Egypt, and the UAE.
The big picture
Dependence on scripting
Although Group1 is said to be the least sophisticated of the three, it was found to use numerous scripts in its activities.
“We have identified several implants that leveraged PowerShell, VBS, JS, and .NET for resilience and persistence. The final stage, however, is a .NET application that takes several commands such as directory listing, screenshot, compress, upload, etc.,” said the report. This indicates that the malware deployed by the group relied on persistence mechanisms for its attacks to succeed.