Threat Group, TA402/Molerats & NimbleMamba Malware


Proofpoint shares research on the threat group TA402 (aka Molerats), which has persistently targeted "Middle Eastern governments, foreign policy think tanks, and a state-affiliated airline" since late 2021. The group operates in the interest of the Palestinian Territories. It frequently uses geofencing, directing only targets of interest to malicious websites while non-targets are sent to benign sites. Dating back to November 2021, the group's phishing emails leveraged URLs on three different websites, Quora, Dropbox and WordPress, to distribute a RAR file containing the NimbleMamba malware and/or a trojan, BrittleBush. In the Dropbox attack chain, geofencing was not used; however, the Dropbox API was used for C2 communication.

