Governmental entities in the Middle East and Africa have been at the receiving end of sustained cyber-espionage attacks that leverage never-before-seen and rare credential theft and Exchange email exfiltration techniques.
“The main goal of the attacks was to obtain highly confidential and sensitive information, specifically related to politicians, military activities, and ministries of foreign affairs,” Lior Rochberger, senior threat researcher at Palo Alto Networks, said in a technical deep dive published last week.
The company’s Cortex Threat Research team is tracking the activity under the temporary name CL-STA-0043 (where CL stands for cluster and STA stands for state-backed motivation), describing it as a “true advanced persistent threat.”
The infection chain is triggered by the exploitation of vulnerable on-premises Internet Information Services (IIS) and Microsoft Exchange servers to infiltrate target networks.