CyberScoop reports that governments across the Middle East have been targeted by persistent pro-Palestinian hacking group TA402, also known as Gaza Cybergang, WIRTE, Frankenstein, and Molerats, in cyberespionage attacks using the new IronWind initial access tool from July to October.
IronWind and other malware have been distributed by TA402 through phishing emails from a compromised Ministry of Foreign Affairs account that used economy-related issues as lures to deceive recipients into downloading files through Dropbox download links, according to a Proofpoint report.
Attacks beginning in August continued to use the same email account but employed a new delivery approach, and last month the threat actors implemented another round of infection chain modifications, including an updated lure referencing the ongoing war between Israel and Palestinian militant group Hamas.
"The ongoing conflict in the Middle East does not appear to have hindered their ongoing operations, as they continue to iterate and use new and clever delivery methods to bypass detection efforts," said Proofpoint Senior Threat Researcher Joshua Miller.
Ukraine has been targeted by Russian threat actors in the new Operation Texonto disinformation campaign, which also involved spear-phishing and credential exfiltration tactics, according to The Hacker News.
Record high ransomware and data extortion incidents experienced by Western nations last year have prompted former National Security Agency Director Michael Rogers to call for a reevaluation of their cybersecurity defense strategy.