A hacking group has been conducting cyber espionage attacks against targets in the Middle East, duping politicians, activists and various staff members at NGOs. The group lures its targets into clicking through to authentic-looking imitations of high-profile companies' websites and then infects them with malware.
The campaign has been dubbed Moonlight by security researchers because of the name that the hackers chose for the command and control domains. The group has amassed over two hundred samples of malware in the past two years and has continually targeted individuals through their private email accounts rather than their corporate ones, because it knows people check their private email more. This, in turn, increases the chances of a successful attack.
The attacks have mainly been built around the crisis in the Middle East, including the war in Syria and the conflict taking place in Palestine. The campaign was discovered by cybersecurity researchers at Vectra Networks, who also noted that the tools and resources being used by the hacking group remind them of the Gaza Hacker Team.
The Gaza Hacker Team was a group of hacktivists aligned with the Palestinian militant Islamic group Hamas. The Moonlight attacks are aimed solely at Middle Eastern targets, and their text is crafted in Arabic.
Oliver Tavakoli, the CTO at Vectra Networks, said that the cyber attackers put so much effort into crafting the emails, the websites and the documents that they create. But other than that, their tech is nothing to write home about. He also emphasized that the attackers did not necessarily need deep and sophisticated hacking skills to do what they wanted.
The Moonlight attackers have been trying to use phishing schemes to lure their would-be victims into clicking on malicious documents that claim to contain information on issues and events in the Middle East.
Another method the attackers have been using is sending out links that lead to fake but authentic-looking websites about topics related to the Middle East. Even though the site looks like the real deal, users will already have been infected with malware.
The end result? The victim is infected with malware that conducts espionage.
At the moment, the endgame of Moonlight and who is behind it are unknown, but the group is still active and continues to target Middle East-based corporations.