CopyKittens is an espionage group that has been attacking Israeli targets since at least August 2014. Among the targets are high-ranking diplomats at Israel’s Ministry of Foreign Affairs and well-known Israeli academic researchers specializing in Middle East Studies. Matryoshka is the name we gave the malware built by CopyKittens. It is a multi-stage framework, with each […]
Rocket Kitten 2 – follow-up on Iran originated cyber-attacks
In the past few months, ClearSky and Trend Micro have been monitoring and analyzing the Iranian cyber-attack group known as “Rocket Kitten”. The following report uncovers new attacks performed by the group, its methods and operations. Rocket Kitten has been operating since at least mid-2014. The group operates against numerous targets in the Middle East, including Israelis, Iranian exiles, and enemies of Iran. The targets […]
Thamar Reservoir – An Iranian cyber-attack campaign against targets in the Middle East
This report reviews an ongoing cyber-attack campaign dating back to mid-2014. Additional sources indicate it may date as far back as 2011. We call this campaign Thamar Reservoir, named after one of the targets, Thamar E. Gindin, who exposed new information about the attack and is currently assisting with the investigation. The campaign includes several different attacks with the […]
Attacks against Israeli & Palestinian interests
Recently, ClearSky’s researchers collaborated with PwC’s intelligence team while investigating attacks against Israeli & Palestinian interests. The full post can be read at PwC’s Cyber security updates blog. Here’s the excerpt: “This short report details the techniques being used in a series of attacks mostly against Israel-based organisations. The decoy documents and filenames used in the attacks […]
Gholee – a “protective edge” themed spear phishing campaign
Introduction: During the 2014 Israel–Gaza conflict, dubbed by Israel as “Operation Protective Edge”, a rise in cyber-attacks against Israeli targets was reported. In this report we analyze one case of an Operation Protective Edge themed spear phishing attack. That email contained a malicious Excel file, which once opened and its VBA code executed, would infect […]