"Operation Parliament": Targeted Cyberattacks and Espionage by a New Hacker Group in the Middle East

Kaspersky recently published a comprehensive report (local copy) on its analysis of hacking attacks by a previously unknown group that primarily targeted government institutions in the Middle East, Europe, North America and Russia. The activities, dubbed "Operation Parliament", have been carried out since early 2017 using spear phishing and forged, malware-infected documents whose content was tailored to the targets, and are said to have served primarily the purpose of espionage. Kaspersky summarizes this as follows:

The attackers have targeted a large number of organizations globally since early 2017, with the main focus on the Middle East and North Africa (MENA), especially Palestine. High-profile organizations have also been targeted in other regions. The number of attacks has decreased since the beginning of 2018.

The attacks were initially discovered while investigating a phishing attack that targeted political figures in the MENA region. At first the attacks looked to be the work of the low-sophistication Gaza Cybergang (decoys, file names), but further analysis painted a very different picture.

Targets include high-profile entities such as parliaments, senates, top state offices and officials, political science scholars, military and intelligence agencies, ministries, media outlets, research centers, election commissions, Olympic organizations, large trading companies, and other unknown entities.

The Kaspersky analysts suspect that a state actor from the Middle East itself is behind the attacks, one whose attack tools and methods, however, have not been observed until now:

Operation Parliament appears to be another symptom of escalating tensions in the Middle East region. The attackers have taken great care to stay under the radar, imitating another attack group in the region. They have been particularly careful to verify victim devices before proceeding with the infection, safeguarding their command and control servers. The targeting seems to have slowed down since the beginning of 2018, probably winding down when the desired data or access was obtained. The targeting of specific victims is unlike previously seen behavior in regional campaigns by Gaza Cybergang or Desert Falcons and points to an elaborate information-gathering exercise that was carried out before the attacks (physical and/or digital).

Note: The quotations and excerpts are both taken from the Kaspersky report linked at the beginning.