Researchers at Kaspersky have released information regarding a long-lasting campaign by a lesser-known threat actor actively targeting organizations in the Middle East. Dubbed WIRTE, the APT group primarily targets governmental and diplomatic entities across Egypt, Jordan, Lebanon, Palestine, Syria, and Turkey, with potential infections across Gulf countries. Researchers also found victims within law firms, military and technology companies.

WIRTE’s motive is cyber espionage: the group has been seen using tools to collect sensitive information from its victims. It is not technically sophisticated and relies on a basic toolset and stealthy techniques such as “Living off the Land” (LotL) binaries, which allow WIRTE to use legitimate assets to achieve its goals. In some instances, the group used spear-phishing emails to lure victims into opening malicious Microsoft Excel/Word documents. The group tricks victims into downloading files by using logos and trending topics from the Middle East region. Researchers are currently monitoring the campaign, which has been active since at least 2019, and have reported their findings on Kaspersky’s Threat Intelligence Portal.

“We are seeing new and evolving threat actors across the Middle East as the environment dynamics change. Nevertheless, their objectives remain the same – collecting sensitive information. This re-emphasizes the crucial need for governments and business entities to protect their crown jewels and sensitive data from any emerging targeted threat,” said Maher Yamout, Senior Security Researcher at Kaspersky. “The group’s most common tactic is to initially install an interpreted language VBS (Visual Basic Script) and PowerShell-based malware. After successfully gaining initial foothold, the group starts exploring the network and deploying more complex malware in order to stealthily stay under the radar and collect sensitive information,” he added.

Kaspersky continues to track WIRTE as the group evolves and sharpens its toolset. The group is expected to continue compromising its victims, possibly expanding to other neighboring countries. To stay safe from advanced threat campaigns like WIRTE, Kaspersky experts recommend:

  • Disable interpreters for scripting languages wherever possible.
  • Log PowerShell scripts executed on user machines.
  • Detect unusual user-agents in network traffic.
  • Carry out a cybersecurity audit of your networks and remediate any weaknesses discovered in the perimeter or inside the network.
  • Install anti-APT and EDR solutions, enabling threat discovery and detection, investigation and timely remediation of incidents.
  • Provide your staff with basic cybersecurity hygiene training for phishing or other social engineering techniques.

Learn more about the WIRTE APT group in the blog post at www.Securelist.com 

-Ends-

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com


© Press Release 2021
