Israeli Organizations Compromised by Phishing Attacks

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Seculert researchers recently came across a new targeted attack that leveraged spear phishing e-mails to infect Israeli companies and government organizations with the "Xtreme RAT" remote access Trojan (h/t The Register).

"To date, 15 machines have been compromised including ones belonging to the Civil Administration of Judea and Samaria," Seculert CTO and co-founder Aviv Raff wrote in a blog post detailing the attack. "This is especially disconcerting as the Administration is responsible for entry and work permits from the West Bank to Israel."

The phishing e-mails, which claimed to come from Israel's internal security service, the Shin Bet, contained malicious attachments disguised as PDFs. "Closer examination of the spear phishing e-mails revealed that the attackers are not native Hebrew speakers and most likely copied and altered incomplete text to create the subject of the e-mail," Raff wrote.

The malware gave the attackers remote access to the targeted networks. For these attacks, according to Raff, the command and control server was located in the United States.