Operation Parliament targets MENA region with cyberespionage malware
Kaspersky Lab has uncovered a new cyberespionage campaign that is targeting high-profile organisations from around the world, with a focus on the Middle East and North Africa.
Dubbed Operation Parliament, the attacks have been active since last year and have focused on government entities, political figures, military and intelligence agencies, media outlets, research centres, Olympic foundations and large private companies.
Victims were detected in 27 countries, including the UAE, Saudi Arabia, Jordan, Palestine, Egypt, Kuwait, Qatar, Iraq, Lebanon, Oman, Djibouti and Somalia.
According to the company, the campaign represents a new geopolitically motivated attacker that is both extremely active and highly skilled.
Under the radar
Kaspersky believes the threat actors behind the campaign have access to an elaborate database of contacts for sensitive organisations and personnel worldwide, particularly of non-trained staff.
The company's researchers say that, based on their findings, the criminals compromised their victims using malware that provides a remote PowerShell terminal, enabling them to execute any scripts or commands and receive the results through HTTP requests.
"The attacks have taken great care to stay under the radar and have used techniques to verify the victims' devices before infiltrating them," they said.
Mohamad Amin Hasbini, senior security researcher, Global Research & Analysis Team at Kaspersky Lab, says the campaign is another sign of ongoing tensions in the Middle East and North Africa.
"We are witnessing higher sophistication and smarter techniques used by attackers and it doesn't look like they will stop or slow down anytime soon. The type of people and organisations targeted in this attack campaign should elevate their levels of cyber maturity in order to mitigate such attacks in the future", he added.
Employ extra measures
To prevent attacks of this nature, Kaspersky Lab researchers advise organisations to pay special attention and take extra measures, including training employees to distinguish spearphishing emails and phishing links from legitimate emails and links.
It also advises businesses to combine a proven corporate-grade endpoint security solution with specialised protection against advanced threats that is capable of catching attacks by analysing network anomalies.