Subscribe
  • Home
  • /
  • Malware
  • /
  • Operation Parliament targets MENA region with cyberespionage malware

Operation Parliament targets MENA region with cyberespionage malware

Kirsten Doyle
By Kirsten Doyle, ITWeb contributor.
Johannesburg, 13 Apr 2018
New cyberespionage campaign uncovered.
New cyberespionage campaign uncovered.

Kaspersky Lab has uncovered a new cyberespionage campaign that is targeting high profile organisations from around the world with a focus on the Middle East and North Africa.

Dubbed Operation Parliament, the attacks have been active since last year and have focused on government entities, political figures, military and intelligence agencies, media outlets, research centres, Olympic foundations and large private companies.

Victims were detected in 27 countries, including the UAE, Saudi Arabia, Jordan, Palestine, Egypt, Kuwait, Qatar, Iraq, Lebanon, Oman, Djibouti and Somalia.

According to the company, the campaign represents a new geopolitically motivated attacker that is both extremely active and highly skilled.

Under the radar

Kaspersky believes the threat actors behind the campaign have access to an elaborate database of contacts for sensitive organisations and personnel worldwide, particularly of non-trained staff.

The company's researchers, say that based on their findings, the criminals invaded their victims using malware that provides them with a remote PowerShell terminal that enables them to execute any scripts or commands and receive the result through HTTP requests.

"The attacks have taken great care to stay under the radar and have used techniques to verify the victims' devices before infiltrating them," they said.

Ongoing tensions

Mohamad Amin Hasbini, senior security researcher, Global Research & Analysis Team at Kaspersky Lab, says the campaign is another sign of ongoing tensions in the Middle East and North Africa.

"We are witnessing higher sophistication and smarter techniques used by attackers and it doesn't look like they will stop or slow down anytime soon. The type of people and organisations targeted in this attack campaign should elevate their levels of cyber maturity in order to mitigate such attacks in the future", he added.

Employ extra measures

To prevent attacks of this nature, Kaspersky Lab researchers advises organisations to exert special attention and extra measures, including training employees to be able to distinguish spearphishing emails or a phishing link from legitimate emails and links.

It also advises businesses to use not only proven corporate-grade endpoint security solution but also a combination of specialised protection against advanced threats, which is capable of catching attacks by analysing network anomalies.

Share