Israeli Organizations Compromised by Phishing Attacks
Fifteen machines were compromised, including ones belonging to the Civil Administration.
Seculert researchers recently came across a new targeted attack that leveraged spear phishing e-mails to infect Israeli companies and government organizations with the "Xtreme RAT" remote access Trojan (h/t The Register).
"To date, 15 machines have been compromised including ones belonging to the Civil Administration of Judea and Samaria," Seculert CTO and co-founder Aviv Raff wrote in a blog post detailing the attack. "This is especially disconcerting as the Administration is responsible for entry and work permits from the West Bank to Israel."
The phishing e-mails, which claimed to come from Israel's internal security service, the Shin Bet, contained malicious attachments disguised as PDFs. "Closer examination of the spear phishing e-mails revealed that the attackers are not native Hebrew speakers and most likely copied and altered incomplete text to create the subject of the e-mail," Raff wrote.
The malware gave the attackers remote access to the targeted networks. For these attacks, according to Raff, the command and control server was located in the United States.
Photo courtesy of Shutterstock.