Jerusalem Post and other Israeli websites compromised by Iranian threat agent CopyKitten

On 29 March 2017 the German Federal Office for Information Security (BSI) said in a statement that the website of Israeli newspaper Jerusalem Post was manipulated and linked to a harmful third party. Below is a Google translation of the statement: “After the cyber attack on the German Bundestag in 2015, some protective functions that the BSI […]

Operation Electric Powder – Who is targeting Israel Electric Company?

Attackers have been trying to breach IEC (Israel Electric Company) in a year-long campaign. From April 2016 until at least February 2017, attackers have been spreading malware via fake Facebook profiles and pages, breached websites, self-hosted and cloud-based websites. Various artifacts indicate that the main target of this campaign is IEC – Israel Electric Company. These […]

Attacks Against Customer Service Centers by Impersonation of Potential Clients

Hundreds of customer service centers have been targeted in a campaign going back at least to August 2016. An email is sent to the “contact us” or “customer support” address of an online shop. The sender pretends to be a customer that has a problem with the online shopping cart or is just asking to […]

Business Email Compromise Fraud Against Global Shipping Companies

ClearSky Security regularly monitors and tracks phishing and fraud campaigns by looking for impersonating domain names. Recently we detected multiple domains impersonating shipping and logistics companies being registered. We suspect that these companies have become the target of Business Email Compromise scams (aka BEC or “CEO fraud”). Targeted organisations include Singaporean Executive Ship Management, VersaCold […]

Magecart – a malicious infrastructure for stealing payment details from online shops

Since March 2016, numerous credit cards and other details have been stolen during payment from dozens of online shops worldwide. Malicious JavaScript code acting as a form grabber or a simple “cloud based” keylogger was injected into breached shops. As buyers filled in their payment details, the data was captured and sent in real time to […]

Operation DustySky – Part 2

Operation DustySky – Part 2 is a follow-up on our DustySky operation report from January 2016. It analyses new attacks by Molerats against targets in Israel, the United States, Egypt, Saudi Arabia, United Arab Emirates and the Palestinian Authority. We elaborate on the scope and targeting of the DustySky campaign and expose new infrastructure and […]

Operation DustySky

DustySky (called “NeD Worm” by its developer) is a multi-stage malware in use since May 2015. It is in use by the Molerats (aka Gaza cybergang), a politically motivated group whose main objective, we believe, is intelligence gathering. Operating since 2012, the group’s activity has been reported by Norman [1], Kaspersky [2] [3], FireEye [4], and PwC [5]. This […]

Report: The CopyKittens are targeting Israelis

CopyKittens is an espionage group that has been attacking Israeli targets since at least August 2014. Among the targets are high-ranking diplomats at Israel’s Ministry of Foreign Affairs and well-known Israeli academic researchers specializing in Middle East Studies. Matryoshka is the name we gave the malware built by CopyKittens. It is a multi-stage framework, with each […]

Rocket Kitten 2 – follow-up on Iran-originated cyber-attacks

In the past few months ClearSky and Trend Micro have been monitoring and analyzing the Iranian cyber-attack group known as “Rocket Kitten”. The following report uncovers new attacks performed by the group, its methods and operations. Rocket Kitten has been operating since at least mid-2014. The group operates against numerous targets in the Middle East including Israelis, Iranian exiles, and enemies of Iran. The targets […]
