New attacks involving the Pierogi++ malware have been launched by Hamas-affiliated threat operation Gaza Cybergang against Palestinian entities, The Hacker News reports.
Despite using a different programming language and lacking Ukrainian strings in its code, the Pierogi++ backdoor retains its predecessor's screenshot-capturing, command execution, and attacker file-downloading capabilities, according to a report from SentinelOne.
Such a discovery indicates the continued improvements implemented by Gaza Cybergang in its attack arsenal, noted researchers, who added that the group has also been associated with the Operation Bearded Barbie and Big Bang attack campaigns, as well as the WIRTE threat operation.
"The observed overlaps in targeting and malware similarities across the Gaza Cybergang sub-groups after 2018 suggest that the group has likely been undergoing a consolidation process. This possibly includes the formation of an internal malware development and maintenance hub and/or streamlining supply from external vendors," said SentinelOne researcher Aleksandar Milenkoski.
There has been no evidence that individuals with the Biden campaign responded to the unsolicited emails, according to the agencies, which noted that U.S. media organizations have also been provided with Trump campaign-related information by the hackers.
After establishing trust with targets via spear-phishing emails purporting to be job openings for senior-/manager-level employees in high-profile companies, UNC2970 proceeded to deliver a malicious ZIP file masquerading as a job description, an analysis from Google Cloud's Mandiant revealed.
More than 260,000 devices, most of them located in the U.S., have been part of the Mirai-based botnet, which has been controlled by the Integrity Technology Group using IP addresses of the China Unicom Beijing Province Network.