Researchers at Norwegian security firm Norman ASA studied a Trojan that was recently used to target the Israeli police force, and found that it appears to be part of an espionage operation that's been underway for at least a year, targeting both Palestinians and Israelis.
"The attackers were serving up the XtremeRat Trojan, which was infamously used in surveillance campaigns against Syrian activists," writes TechWeekEurope's Tom Brewster. "Whilst that Trojan has been in use for some time, the interesting thing about the versions sent to Israeli and Palestinian targets was that they were signed with what seemed to be a legitimate Microsoft certificate, Norman said."
"Interestingly, Norman found that attacks using that same faked certificate date back to at least May 2012 and have been controlled by botnet command-and-control (C&C) servers located in the United States," writes InformationWeek's Mathew J. Schwartz. "Upon further investigation, Norman discovered that since at least October 2011, other malware -- mostly versions of Xtreme RAT -- have been communicating with the same C&C infrastructure, as well as entire other botnets, which again are largely based at U.S. hosting services."
"The identity and motivation of the attacker was not known," writes Network World's Antone Gonsalves. "'The fact that you see the same infrastructure and apparently the same attacker attacking both sides of the conflict is something that we found very interesting,' said Einar Oftedal, vice president of emerging technologies and innovation at Norman. 'It's something we haven't seen before.'"
"When it comes to the all-important question of whether the attacks are state-sponsored, the work of hacktivists or just a group of people with too much time on their hands, unfortunately, uncovering the culprits behind the plot won’t be so easy," Infosecurity reports.