According to a discovery made by security researchers from Cybereason, top-ranking officials from Israel were being targeted by spear-phishing cyber attacks. The hacking group behind this campaign is suspected to be AridViper, a notorious cyber criminal group from the Middle East.
AridViper, aka Desert Falcon or APT-C-23, is an advanced persistent threat group that is secretly being run by some Saudi politicians.
Also known as a two-scaled scorpion, this APT group was initially assigned the duty of preying on Palestinian law enforcement officers and people behind educational institutions.
In February this year, security researchers from Cisco Talos found that the Israel-Palestine conflict was fueling AridViper to launch catfishing attacks.
Now, in March this year, Cybereason’s Nocturnus Research Team found that the cyber crime group has started a new campaign dubbed “Operation Bearded Barbie”, through which it was targeting Israeli individuals with catfishing campaigns to infect their PCs and mobile devices with spying and data-stealing tools.
Already, 17 law enforcement officials, three working for defense and 8 from the emergency service sector were found to have been targeted, and the number is said to increase as the campaign unfolds.
A catfishing cyber attack campaign is simple: the attackers create fake social media account pages, target individuals and trick them into downloading malware.
In most cases, profiles of beautiful women or upcoming models from the fashion circuit are used to hook the victims into downloading trojanized messaging apps such as Barbwire Backdoor.
Barbwire had capabilities such as conducting surveillance, logging keystrokes, capturing the screen, and eavesdropping on and recording digital conversations taking place between targeted individuals.
Also, the downloader has the capability of exfiltrating data from compromised machines to remote servers. The information includes MS Office documents, archives, images and videos.
Additionally, Cybereason researchers found an Android malware dubbed VolatileVenom during the installation of discrete apps; it was also found to have capabilities for conducting espionage and data theft.
VolatileVenom, spread through catfishing attacks, had capabilities of spying on victims through their WhatsApp, Facebook, Twitter, Instagram, Skype and IMO messages.
Why the campaign is targeting only Israeli government officials through catfishing is yet to be figured out.