Threat Intelligence

Novel espionage tool leveraged by pro-Palestinian hacking operation

CyberScoop reports that TA402, a persistent pro-Palestinian hacking group also known as Gaza Cybergang, WIRTE, Frankenstein, and Molerats, targeted governments across the Middle East in cyberespionage attacks from July to October using the new IronWind initial access tool. According to a Proofpoint report, TA402 distributed IronWind and other malware through phishing emails sent from a compromised Ministry of Foreign Affairs account, using economy-related issues as lures to deceive recipients into downloading files through Dropbox download links. Attacks beginning in August continued to use the same email account but employed a new delivery approach, and last month the threat actors implemented another round of infection chain modifications, including an updated lure referencing the ongoing war between Israel and Palestinian militant group Hamas. "The ongoing conflict in the Middle East does not appear to have hindered their ongoing operations, as they continue to iterate and use new and clever delivery methods to bypass detection efforts," said Proofpoint Senior Threat Researcher Joshua Miller.
