Security hawker gives the bird to mid-east hack group

'Desert Falcons' swoop on govt, mil, media, banks, utilities...

A team of attackers tagged by Kaspersky as the first "advanced Arab hackers" has passed around malware targeting Middle East governments, the military and others.

So far 100 malware samples attributed to the group have been tagged, the hacker branding consultancy claims.

Kaspersky Labs researchers revealed the attacks at the company's analyst meeting, where it yesterday unveiled a massive hacking campaign paraded as a 20-year effort of the US National Security Agency.

After giving this second team of attackers the moniker Desert Falcons, the Russian bears of anti-V said around 30 individuals seem to have launched operations in 2013, and their activity peaked last month.

Each campaign took aim at more than 3,000 targets typical of advanced attack groups: state institutions, large media outlets, and utilities, Kaspersky claims.

More than a million files are said to have been stolen from organisations based in 50 countries, largely in Egypt, Palestine, Israel, and Jordan.

Researcher Dmitry Bestuzhev said the use of social engineering and custom malware was very effective.

"The individuals behind this threat actor are highly determined, active and with good technical, political and cultural insight," Bestuzhev said.

"We expect this operation to carry on developing more trojans and using more advanced techniques.

"With enough funding, they might be able to acquire or develop exploits that would increase the efficiency of their attacks," said Bestuzhev, a security expert at Kaspersky Lab's Global Research and Analysis Team.

The Falcons' efforts saw human resources and finance staff targeted through phishing emails that contained malware designed to establish a beachhead within corporate networks.

The malware was hidden using left-to-right override, a Unicode facility intended for bi-directional text in documents that mix English with Hebrew or Arabic script.
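As an added example, not from the article or from Kaspersky's report: a defender-side check that flags file names containing Unicode bidirectional override characters (the trick described above) and compares the extension a user would see with the one the operating system actually uses. The rendering logic is a deliberate simplification of the bidi algorithm, and the sample names are constructed.

```python
# Added example (not from the article): flag attachment names that carry
# Unicode bidi override characters and report displayed vs. real extension.

# Bidi control characters that can change how a name is displayed.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}

def find_bidi_controls(name):
    """Return (offset, short name) for every bidi control in the string."""
    return [(i, BIDI_CONTROLS[ch]) for i, ch in enumerate(name) if ch in BIDI_CONTROLS]

def real_extension(name):
    """Extension the OS uses: text after the last dot, controls stripped."""
    cleaned = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    return cleaned.rsplit(".", 1)[-1].lower() if "." in cleaned else ""

def displayed_name(name):
    """Approximate what a bidi-aware renderer shows (simplified: an RLO
    reverses everything up to the next PDF or the end of the string)."""
    out, i = [], 0
    while i < len(name):
        ch = name[i]
        if ch == "\u202e":                      # RLO: reverse the following run
            j = i + 1
            while j < len(name) and name[j] != "\u202c":
                j += 1
            out.append(name[i + 1:j][::-1])
            i = j + 1
        elif ch in BIDI_CONTROLS:               # other controls are invisible
            i += 1
        else:
            out.append(ch)
            i += 1
    return "".join(out)

def assess(name):
    """Describe a suspicious name; return None if it has no bidi controls."""
    controls = find_bidi_controls(name)
    if not controls:
        return None
    shown = displayed_name(name)
    shown_ext = shown.rsplit(".", 1)[-1].lower() if "." in shown else ""
    real_ext = real_extension(name)
    return {"controls": controls, "displayed": shown, "displayed_ext": shown_ext,
            "real_ext": real_ext, "ext_mismatch": shown_ext != real_ext}

# Constructed sample attachment names (not indicators from the article).
SAMPLES = ["quarterly_report.pdf", "salary_review\u202efdp.exe", "\u202dnotes_ar.docx"]

if __name__ == "__main__":
    for n in SAMPLES:
        print(repr(n), "->", assess(n))
```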

One of two custom backdoors was dropped after initial infection, along with malware capable of stealing a wide variety of data from infected machines and an Android trojan that pinched SMS and call logs.

Kaspersky researchers were able to gain brief read access on one of the command and control servers and found some information published oddly by the attackers on Twitter.

Kaspersky Lab experts consider this actor to be the first known Arabic group of cyber mercenaries to develop and run full-scale cyber-espionage operations. ®