Security experts at ClearSky have published a report on a cyber espionage campaign dubbed Thamar Reservoir that is targeting entities in the Middle East.
Security experts at ClearSky have uncovered a cyber espionage campaign dubbed Thamar Reservoir after the name of its target, Thamar E. Gindin. The investigation led the experts to date the Thamar Reservoir campaign back to 2011; the threat actors adopted several attack techniques aimed at espionage.
The attackers focused their operations on gaining access to victims' machines and taking over their email accounts. According to researchers at ClearSky, there is no evidence of financial motivation for the attacks, a circumstance that suggests the involvement of state-sponsored hackers.
In many cases the hackers used the compromised accounts and machines to run further attacks against other targets. Among the attack techniques adopted by the threat actors and observed by ClearSky are:
- Breaching trusted websites to set up fake pages
- Multi-stage malware
- Multiple spear phishing emails based on reconnaissance and information gathering
- Phone calls to the target
- Messages on social networks