A Middle Eastern, politically motivated cybergroup has turned its focus to IT security personnel, according to a Securelist post.
The so-called “Gaza cybergang,” a group acting predominantly out of Egypt, United Arab Emirates and Yemen, is reportedly sending malware files to IT (information technology) and IR (incident response) staff in an effort to gain higher levels of access to specific networks.
The group sends spear-phishing emails that use file names containing terms specific to IT roles, attempting to trick users into clicking through and initiating the download of common remote access trojans (RATs), mainly XtremeRAT and PoisonIvy.
Because IT and IR staff generally have heightened network access and permissions, “getting access to their devices could be worth a lot more than for a normal user,” the Russia-based vendor said.
Since 2012, the Gaza group has primarily targeted embassies and other government affiliations in the U.K. and Europe.