African Press Association

Cyber spies targetting Middle East, North Africa

JOHANNESBURG, (CAJ News) – A GLOBAL security company has uncovered a new cyber-espionage campaign attributed to the continuously developing tensions in the Middle East and North Africa.

Kaspersky Lab unearthed the Operation Parliament, which it said was targeting high profile organisations from around the world with a focus on the above-mentioned regions.

The attacks have reportedly been active since 2017 and have targeted top legislative, executive and judicial powers, including but not limited to governmental and large private entities from the regions.

Affected countries are Djibouti, Egypt, Iraq, Jordan, Kuwait, Lebanon, Oman, Palestine, Qatar, Saudi Arabia, Somalia and the United Arab Emirates.

Djibouti and Somalia are nonetheless in East Africa.

Kaspersky Lab announced Operation Parliament at its Cyber Security Weekend for the Middle East, Turkey and Africa (META).

Its experts believe the cyberespionage campaign represents a new geopolitically motivated threat actor that is highly active and skilled.

“Operation Parliament is another symptom of the continuously developing tensions in the Middle East and North Africa,” said Mohamad Amin Hasbini, Senior Security Researcher, Global Research and Analysis Team, Kaspersky Lab.

He said the company was witnessing higher sophistication and smarter techniques used by attackers and it did not look like they will stop or slow down anytime soon.

“The type of people and organisations targeted in this attack campaign should elevate their levels of cyber maturity in order to mitigate such attacks in the future.”

Attackers are believed to have access to an elaborate database of contacts for sensitive organisations and personnel worldwide, especially of non-trained staff.

Victims of the attacks include government entities, political figures, military and intelligence agencies, media outlets, research centers, Olympic foundations and large private companies.

Based on Kaspersky findings, the attackers have infiltrated their victims using malware that provides them with a remote cmd/powershell terminal that enables them to execute any scripts/commands and receive the result through http requests.

The attacks have taken great care to stay under the radar and have used techniques to verify the victims’ devices before infiltrating them.
– CAJ News