Molerats hackers deploy new malware in highly evasive campaign



The Palestinian-aligned APT group tracked as TA402 (aka Molerats) was spotted using a new implant named ‘NimbleMamba’ in a cyber-espionage campaign that leverages geofencing and URL redirects to legitimate websites.

The campaign was discovered by Proofpoint, whose analysts observed three variations of the infection chain, all targeting governments in Middle Eastern countries, foreign policy think tanks, and a state-owned airline.

As for the timeline of the recent attacks, the actors first used NimbleMamba in November 2021 and continued the operation until late January 2022.

Read more…